TraceSecrets Don't Always Work

[BlythMeister]

Description

Text registered with a trace secret will print when opening and closing tags (and maybe other places)

Repro steps

Register a secret
Do a trace with a description containing the secret

Expected behavior

Secret doesn't show in console

Actual behavior

Secret does show

[matthid]

Secrets also will show when external processes print the secrets (and the output is not redirected) or if you use System.Console directly. It's not a perfect solution whatsoever. Can you give a small example snippet on what you mean?

[BlythMeister]

The script

open Fake.Core

TraceSecrets.register "*******" "ThisIsASecret"

Trace.traceTask  "Testing" "ThisIsASecret" |> Trace.useWith true (fun _ -> Trace.logfn "does this print: ThisIsASecret" )

Will output

Starting task 'Testing': ThisIsASecret
does this print: *******
Finished (Success) 'Testing' in 00:00:00.0188163

So when using logfn the secret doesn't print (which is good)
When using trace, the secret does print

[matthid]

Agreed this could work. So the secret is part of a task-description, which is certainly unusual...

[BlythMeister]

In my example, it's logging which environment variables being set.

So i have a collection of environment variables to set, and wrapper the setting in a trace which logs key and value.
I want the value for all except the secret ones to show.

actual code

[
          "FixedStructure", "true"
          "FixedPath", ""
          "Environment", "INT"
          "ClientCode", "BUILD"
          "DeployService", "http://na.com"
          "EnsconceDir", @"D:\Ensconce\V1"
          "DbUser", "DBuser"
          "DbPassword", "DBPassword"
          "DbServer", "(local)"
        ]
        |> List.iter (fun (name, value) -> (Trace.traceTask "Set environment variable" (sprintf "key: %s | value: %s" name value) |> Trace.useWith true (fun _ -> Environment.setEnvironVar name value)))

where DBPassword has been set as a secret earlier in the script.

[BlythMeister]

another completely contrived example to show different behaviour for outputting secrets:

open Fake.Core
open Fake.Core.TargetOperators

TraceSecrets.register "*******" "ThisIsASecret"

Target.description "ThisIsASecret"
Target.create "ThisIsASecret" (fun (_:TargetParameter) ->
    Trace.traceTask  "ThisIsASecret" "ThisIsASecret" |> Trace.useWith true (fun _ -> Trace.logfn "does this print: ThisIsASecret" )
)
    
Target.create "Default" ignore
    
"ThisIsASecret" ==> "Default"

Target.run 0 "Default" []

outputs

run Default
Building project with version: LocalBuild
Shortened DependencyGraph for Target Default:
<== Default
<== *******

The running order is:
Group - 1

• ---

Group - 2

• Default
  Starting target 'ThisIsASecret': ThisIsASecret
  Starting task 'ThisIsASecret': ThisIsASecret
  does this print: *******
  Finished (Success) 'ThisIsASecret' in 00:00:00.0041784
  Finished (Success) 'ThisIsASecret' in 00:00:00.0964323
  Starting target 'Default'
  Finished (Success) 'Default' in 00:00:00.0006130

---

Build Time Report

Target Duration

---

******* 00:00:00.0915413
Default 00:00:00.0000499
Total: 00:00:00.2397017
Status: Ok

i'll have a look to see if i can fix this :)