unawaz
unawaz

Reputation: 79

How to avoid eval console output or logs (contain secrets) in shell script when you read file lines?

Probably a small shell script problem:  I am trying to avoid printing secret values to console output or logs. I have to read a file line by line, then replace any variable values in every line and write output to a new file.

Here is my code to read and write but the problem is that input.txt contains secret variables that are coming from another system or let's environment variables.

source ./environment

while read line;
    do eval echo \"$line\";
done < input.txt > output.txt

./environment file contains some variable values.

here is how input.txt looks like:

projectName=Alpha
apiKey=${SECREST_APIKEY}
userKey=${SECRET_USERKEY}
projectVersion={$VERSION}
requesterEmail=

Colsole logs:

...
+ read line
+ eval echo '"projectName=Alpha"'
++ echo projectName=Alpha
projectName=Alpha
+ read line
+ eval echo '"apiKey=${CFG_APIKEY}"'
++ echo apiKey=blablablablablabla
+ read line
+ eval echo '"userKey=${CFG_USERKEY}"'
++ echo userKey=keyKEYkey
...

But the console logs print everything including the secret. I know it is because of echo in my code but I do not know what is the alternate solution here. Please direct me if this problem was already covered in another question.

Upvotes: 1

Views: 599

Answers (0)

Related Questions