Reputation: 79
Probably a small shell script problem: I am trying to avoid printing secret values to console output or logs. I have to read a file line by line, then replace any variable values in every line and write output to a new file.
Here is my code to read and write but the problem is that input.txt
contains secret variables that are coming from another system or let's environment variables.
source ./environment
while read line;
do eval echo \"$line\";
done < input.txt > output.txt
./environment file contains some variable values.
here is how input.txt looks like:
projectName=Alpha
apiKey=${SECREST_APIKEY}
userKey=${SECRET_USERKEY}
projectVersion={$VERSION}
requesterEmail=
Colsole logs:
...
+ read line
+ eval echo '"projectName=Alpha"'
++ echo projectName=Alpha
projectName=Alpha
+ read line
+ eval echo '"apiKey=${CFG_APIKEY}"'
++ echo apiKey=blablablablablabla
+ read line
+ eval echo '"userKey=${CFG_USERKEY}"'
++ echo userKey=keyKEYkey
...
But the console logs print everything including the secret. I know it is because of echo in my code but I do not know what is the alternate solution here. Please direct me if this problem was already covered in another question.
Upvotes: 1
Views: 599