keep old comment

Author: LukasAud

lib/puppet/provider/base_dsc_lite/powershell.rb

@@ -53,7 +53,12 @@ def self.escape_quotes(text)
   end
 
   def self.redact_content(content)
-    # Redact Sensitive unwraps that appear as "'secret' # PuppetSensitive"
+    # Note that here we match after an equals to ensure we redact the value being passed, but not the key.
+    # This means a redaction of a string not including '= ' before the string value will not redact.
+    # Every secret unwrapped in this module will unwrap as "'secret' # PuppetSensitive" and, currently,
+    # always inside a hash table to be passed along. This means we can (currently) expect the value to
+    # always come after an equals sign.
+    # Note that the line may include a semi-colon and/or a newline character after the sensitive unwrap.
     content.gsub(%r{= '.+' # PuppetSensitive;?(\\n)?$}, "= '[REDACTED]'")
   end