Masking secrets in logs



TravisCI does smart thing about preventing secret leaks. It filters data that will be outputted to the public logs based on the current projects secret variables. If a log sub-string matches a secret variable value - sub-string will be replaced with [secret] instead of secret variable’s real value.

CircleCI can take it even further and notify via email or dev console about potential leaks.

Masking secrets in output logs