Hide variables in job output

[Benjamin-K]

Currently variables are replaced by their corresponding value. This could lead to security issues as password will be shown in plain text in the prunner output. Therefore, variables passed from an .env file should not be replaced by their value and kept as is.

Example

.env

DB_USER=user
DB_PASSWORD=my_secure_pw
DB_NAME=db

NEW_DB_USER=new_user
NEW_DB_PASSWORD=my_really_secure_pw
NEW_DB_NAME=new_db

pipelines.yaml:

pipelines:
  name:
    tasks:
      exportDb:
        script:
          - mysqldump -u $DB_USER -p$DB_PASSWORD -h 127.0.0.1 $DB_NAME > /path/to/dump.sql
      importDb:
        script:
          - |
            ssh -p 1234 other-host.com "
            cat /path/to/dump.sql | mysql -u $NEW_DB_USER -p$NEW_DB_PASSWORD -h 127.0.0.1 $NEW_DB_NAME
            "

This will print mysql -u new_user -pmy_really_secure_pw -h 127.0.0.1 new_db in the log visible in the Neos backend.