My logs have instances of heap replaced with **** and random-enough strings like our ECR repo replaced with **** . For example:
Error: ENOENT: no such file or directory, open '/home/circleci/****/front/public/js/****.js
image: ********************************************/****-services-circleci:debian-ci-node-v1028
test/self_serve/****_plan_manager.coffee
We only mask out things which are stored as project environment variables or within a context. Are you storing things there which you don’t consider secrets? We are considering some ways to allow self-service opt-out, so we’d like to understand more about the scenarios that are leading to this problem.
You can contact support to have this disabled on one of your projects, or if you’d like to provide us more information about your use of variables in a more private channnel.
Are you storing things there which you don’t consider secrets?
Yes. The use case is to add global environment variables that are referenced in multiple places (executors, jobs, bash scripts). A specific example is our AWS ECR URL. It’s not a secret and it would be painful to add it everywhere we need it.
Interesting feature, but I was also surprised today when I saw my output masked. It would be nice to have a banner or have this feature communicated to the users on that screen. And just like the user above, I use env vars to store configuration values that are actually very useful to have them visible on the logs.
Same for us. We use global environment variable for the name of one of our projects. We definitely do not consider this as sensitive information.
This new feature results in broken links to external links (e.g. firebase)