Helm commands dump the environment to logs #104
Comments
Had a look at your PR. My opinion is that secrets should be mounted as files in a container and not environment variables. You can see an article about this here. That being said, I appreciate your motivation to quickly fix this issue. I looked at your PR as well. The issue with it is that if users don't opt in their credentials might be leaked in the logs. I would prefer if we figure out which, if any, environment variables are configured by the plugin, and only log those, obfuscating ones that might have credentials.
Thank you.
I agree, but I'm sure that since you also work for a very large org (this is my personal account) then you'll know that we don't always get to fix everything in our environment. A lot of the time we just have to work with what the org has either bought or developed with teams that aren't motivated/budgeted to make changes for us.
If the default were to opt-out of environment logging suppression then this could be a breaking change. I can imagine someone somewhere scraping build logs to build stuff like Splunk dashboards. Making it opt-in, at least to begin with, allows it to be introduced first as a patch release.
That would be the ideal solution.
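One way to implement the approach suggested in the comments above (log only the variables the plugin itself sets, masking any that look like credentials), as an added example that is not the plugin's code. The function names, the name patterns and the sample variables are assumptions constructed for illustration.

```python
import re

# Assumption: substrings in a variable name that suggest a credential.
SENSITIVE_NAME = re.compile(
    r"(PASSWORD|PASSWD|SECRET|TOKEN|CREDENTIAL|API_?KEY|PRIVATE_?KEY|AUTH)", re.I
)
# Values can carry credentials whatever the name, e.g. scheme://user:pass@host
URL_USERINFO = re.compile(r"(\w+://)[^/\s:@]+:[^/\s@]+@")
MASK = "********"


def redact_value(name, value):
    """Mask the whole value for sensitive names, else mask URL userinfo only."""
    if SENSITIVE_NAME.search(name):
        return MASK
    return URL_USERINFO.sub(r"\g<1>" + MASK + "@", value)


def loggable_environment(plugin_env, process_env):
    """Build log lines from the variables the plugin set; never from the rest.

    plugin_env:  variables the plugin adds for the helm child process
    process_env: the full environment the child will inherit
    """
    lines = [f"{n}={redact_value(n, plugin_env[n])}" for n in sorted(plugin_env)]
    hidden = len(set(process_env) - set(plugin_env))
    lines.append(f"({hidden} inherited environment variables not logged)")
    return lines


# Constructed sample data (hypothetical names and values, not from the plugin).
SAMPLE_PLUGIN_ENV = {
    "HELM_NAMESPACE": "staging",
    "HELM_REPOSITORY_CONFIG": "/work/repositories.yaml",
    "HELM_REPO_PASSWORD": "constructed-secret",
    "CHART_REPO_URL": "https://ci:constructed-secret@charts.example.test/stable",
}
SAMPLE_PROCESS_ENV = {
    **SAMPLE_PLUGIN_ENV,
    "PATH": "/usr/bin",
    "AWS_SECRET_ACCESS_KEY": "constructed-inherited-secret",
}

if __name__ == "__main__":
    for line in loggable_environment(SAMPLE_PLUGIN_ENV, SAMPLE_PROCESS_ENV):
        print(line)
```

Inherited variables are counted rather than listed, so a credential injected into the container under an unexpected name never reaches the log.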
When running at --info logging level, any helm commands that the plugin runs will dump the environment to the logs before helm is launched. In a container environment this is a security issue because it's common practice to inject credentials into containers using environment variables.