unawaz
Reputation: 79
How to avoid eval console output or logs (contain secrets) in shell script when you read file lines?
Probably a small shell script problem: I am trying to avoid printing secret values to console output or logs. I have to read a file line by line, then replace any variable values in every line and write output to a new file.
Here is my code to read and write but the problem is that input.txt contains secret variables that are coming from another system or let's environment variables.
source ./environment
while read line;
do eval echo \"$line\";
done < input.txt > output.txt
./environment file contains some variable values.
here is how input.txt looks like:
projectName=Alpha
apiKey=${SECREST_APIKEY}
userKey=${SECRET_USERKEY}
projectVersion={$VERSION}
requesterEmail=
Colsole logs:
...
+ read line
+ eval echo '"projectName=Alpha"'
++ echo projectName=Alpha
projectName=Alpha
+ read line
+ eval echo '"apiKey=${CFG_APIKEY}"'
++ echo apiKey=blablablablablabla
+ read line
+ eval echo '"userKey=${CFG_USERKEY}"'
++ echo userKey=keyKEYkey
...
But the console logs print everything including the secret. I know it is because of echo in my code but I do not know what is the alternate solution here. Please direct me if this problem was already covered in another question.
Upvotes: 1
Views: 599
Answers (0)
Related Questions
- Shell script to read line from TXT and assign to env variable?
- sourcing env output
- read variables from file
- How to print env var from file in bash (without using source)?
- Use sed to comment out .env entry
- How can I log/read a string in a bash script without executing it?
- how to redirect variables to a file but not display on screen
- bypass read command in shell script
- Eval command is throwing logs on console-How to suppress it?
- Modify bash script to exclude text when reading file