diff --git a/DOCS.md b/DOCS.md index 980207d..6bd526e 100644 --- a/DOCS.md +++ b/DOCS.md @@ -7,6 +7,7 @@ Use the Terraform plugin to apply the infrastructure configuration contained wit * `vars` - a map of variables to pass to the Terraform `plan` and `apply` commands. Each value is passed as a `-var =` option. * `ca_cert` - ca cert to add to your environment to allow terraform to use internal/private resources +* `sensitive` (default: `false`) - Whether or not to suppress terraform commands to stdout. The following is a sample Terraform configuration in your .drone.yml file: @@ -36,7 +37,7 @@ CA Certificate. You can inject your CA Certificate into the plugin by using ```yaml deploy: terraform: - dry_run: false + plan: false remote: backend: swift config: @@ -50,3 +51,25 @@ deploy: asdfsadf -----END CERTIFICATE----- ``` + +## Suppress Sensitive Output +You may be passing sensitive vars to your terraform commands. If you do not want +the terraform commands to display in your drone logs then set `sensitive` to `true`. +The output from the commands themselves will still display, it just won't show +want command is actually being ran. + +```yaml +deploy: + terraform: + plan: false + sensitive: true + remote: + backend: S3 + config: + bucket: my-terraform-config-bucket + key: tf-states/my-project + region: us-east-1 + vars: + app_name: my-project + app_version: 1.0.0 +``` diff --git a/main.go b/main.go index 27c08b3..12cfbab 100644 --- a/main.go +++ b/main.go @@ -11,10 +11,11 @@ import ( ) type terraform struct { - Remote remote `json:"remote"` - Plan bool `json:"plan"` - Vars map[string]string `json:"vars"` - Cacert string `json:"ca_cert"` + Remote remote `json:"remote"` + Plan bool `json:"plan"` + Vars map[string]string `json:"vars"` + Cacert string `json:"ca_cert"` + Sensitive bool `json:"sensitive"` } type remote struct { @@ -49,7 +50,9 @@ func main() { c.Dir = workspace.Path c.Stdout = os.Stdout c.Stderr = os.Stderr - trace(c) + if !vargs.Sensitive { + trace(c) + } err := c.Run() if err != nil {