From 0a79958afceb566355f59657070df59a5cf992c8 Mon Sep 17 00:00:00 2001
From: Jacob McCann <jacob.mccann2@target.com>
Date: Thu, 11 Feb 2016 12:07:08 -0600
Subject: [PATCH 1/3] Add sensitive flag

Do not show commands being ran if sensitive is true
---
 main.go | 13 ++++++++-----
 1 file changed, 8 insertions(+), 5 deletions(-)

diff --git a/main.go b/main.go
index 27c08b3..12cfbab 100644
--- a/main.go
+++ b/main.go
@@ -11,10 +11,11 @@ import (
 )
 
 type terraform struct {
-	Remote remote            `json:"remote"`
-	Plan   bool              `json:"plan"`
-	Vars   map[string]string `json:"vars"`
-	Cacert string            `json:"ca_cert"`
+	Remote    remote            `json:"remote"`
+	Plan      bool              `json:"plan"`
+	Vars      map[string]string `json:"vars"`
+	Cacert    string            `json:"ca_cert"`
+	Sensitive bool              `json:"sensitive"`
 }
 
 type remote struct {
@@ -49,7 +50,9 @@ func main() {
 		c.Dir = workspace.Path
 		c.Stdout = os.Stdout
 		c.Stderr = os.Stderr
-		trace(c)
+		if !vargs.Sensitive {
+			trace(c)
+		}
 
 		err := c.Run()
 		if err != nil {

From dc0b0cb14e42f91c89e346af634697d66993ab3d Mon Sep 17 00:00:00 2001
From: Jacob McCann <jacob.mccann2@target.com>
Date: Thu, 11 Feb 2016 12:16:01 -0600
Subject: [PATCH 2/3] Update DOCS on sensitive flag

---
 DOCS.md | 23 +++++++++++++++++++++++
 1 file changed, 23 insertions(+)

diff --git a/DOCS.md b/DOCS.md
index 980207d..3410a6e 100644
--- a/DOCS.md
+++ b/DOCS.md
@@ -7,6 +7,7 @@ Use the Terraform plugin to apply the infrastructure configuration contained wit
 * `vars` - a map of variables to pass to the Terraform `plan` and `apply` commands. Each value is passed as a `-var
  <key>=<value>` option.
 * `ca_cert` - ca cert to add to your environment to allow terraform to use internal/private resources
+* `sensitive` (default: `false`) - Whether or not to suppress terraform commands to stdout.
 
 The following is a sample Terraform configuration in your .drone.yml file:
 
@@ -50,3 +51,25 @@ deploy:
       asdfsadf
       -----END CERTIFICATE-----
 ```
+
+## Suppress Sensitive Output
+You may be passing sensitive vars to your terraform commands.  If you do not want
+the terraform commands to display in your drone logs then set `sensitive` to `true`.
+The output from the commands themselves will still display, it just won't show
+want command is actually being ran.
+
+```yaml
+deploy:
+  terraform:
+    dry_run: false
+    sensitive: true
+    remote:
+      backend: S3
+      config:
+        bucket: my-terraform-config-bucket
+        key: tf-states/my-project
+        region: us-east-1
+      vars:
+        app_name: my-project
+        app_version: 1.0.0
+```

From 2f4408d756b4a82a7e0d5a8ded8b1f6969242895 Mon Sep 17 00:00:00 2001
From: Jacob McCann <jacob.mccann2@target.com>
Date: Thu, 18 Feb 2016 13:25:58 -0600
Subject: [PATCH 3/3] Replace 'dry_run' with 'plan' in advanced examples

---
 DOCS.md | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/DOCS.md b/DOCS.md
index 3410a6e..6bd526e 100644
--- a/DOCS.md
+++ b/DOCS.md
@@ -37,7 +37,7 @@ CA Certificate.  You can inject your CA Certificate into the plugin by using
 ```yaml
 deploy:
   terraform:
-    dry_run: false
+    plan: false
     remote:
       backend: swift
       config:
@@ -61,7 +61,7 @@ want command is actually being ran.
 ```yaml
 deploy:
   terraform:
-    dry_run: false
+    plan: false
     sensitive: true
     remote:
       backend: S3