Description
Current behavior
Credentials are revealed in the logs (see example below):
Run automated release from branch master on repository https://username:password@bitbucket.example.com/repo.git
Expected behavior
Credentials should be hidden (see example below);
Run automated release from branch master on repository https://[secret]@bitbucket.example.com/repo.git
Environment
- semantic-release version: 19.0.2
- CI environment: TeamCity
- Plugins used: commit-analyzer, release-notes-generator, changelog, exec, git
- semantic-release configuration:
"release": { "plugins": [ "@semantic-release/commit-analyzer", [ "@semantic-release/release-notes-generator", { "preset": "angular", "linkCompare": false, "linkReferences": false } ], [ "@semantic-release/changelog", { "changelogFile": "docs/CHANGELOG.md" } ], [ "@semantic-release/exec", { "prepareCmd": "echo ##teamcity[buildNumber '${nextRelease.version}']" } ], [ "@semantic-release/git", { "assets": [ "docs/CHANGELOG.md" ] } ] ] - CI logs: see above for the relevant log entry
We are using semantic-release in combination with Bitbucket Server. Credentials are passed via environment variable BITBUCKET_TOKEN_BASIC_AUTH.
AFAIK this should be the relevant line that reveals (logs) the sensitive data:
Line 78 in 2c30e26