Does Concourse have the ability to mask secrets that may leak into stdout or stderr? I’m finding that various tools (or developers!) might unintentionally dump out environment variables or use “set -x” or enable debugging in some tool that shows passwords and such.
If it doesn’t exist, this would be a nice addition/feature for the corporate environments. We push all logs out to log collectors and really don’t want to have secrets appear.
For our use case, I would define a secret as any value pulled from CredHub (or Vault or whatever secrets manager is being used).