Hide stdout from Fly / Hide secrets?

[DandyDeveloper]

Scenario We have secrets in our pipelines imported from variables / vault that make it through to the fly output via the set-pipeline. Using this resource it will have an audit of these secrets, which would preferably be hidden or just not exist completely.

Implementation

1. Hide the stdout entirely via a new out parameter.
2. Consider certain vars "secrets" to prevent these specific variables being visible in the output (this is more a fly specific and therefore probably completely out of scope for this issue).

I believe 1 is the best scenario and easiest to cover. If the stdout is only in the interim containers, which get cleaned up, I think this would be sufficient for our use case.

Is this something we would want added to this resource?

[DandyDeveloper]

I've added a PR for this, would appreciate some feedback to see if you want this done a better way.

I would like to get a nicer test setup for this, but it's cumbersome right now, if it's essential, I'll try and get one added.

[xtremerui]

HI @DandyDeveloper , would https://concourse-ci.org/jobs.html#schema.step.set-pipeline-step.set_pipeline help in your case? I think if you are using vault then you can just use it as (()). And the step will support vars too. Refer to https://github.com/concourse/rfcs/pull/31/files for more details. Thx.

[DandyDeveloper]

@xtremerui I think this might do the job especially as it's more native to Concourse.

I'm on 6.0.0. Has the feature moved out of the experimental phase yet?

[xtremerui]

Refer to https://github.com/concourse/concourse-pipeline-resource/issues/70#issuecomment-628996408

It is not fully finished but in a stable state that we have been using for a while. If you just need a way to set a pipeline then I would recommend you to try it.