Thanks for the suggestion; it’s a good one - we want to support secure practices.
However - we can’t really prevent you from outputting anything you want to in your build logs. Since that comes from your build output which we do not control, I’d suggest doing that masking yourself in this case. If you find any case where we output the sensitive values ourselves (rather than you doing so as a part of your build - e.g. in a notification that we generate, or in the unavoidable part of build logs such as our npm install), we’d treat that as a bug and get it fixed quickly so please do let me know if you see that!
in travis ci when we set some env var it will auto mask log message, then i can set some fake env var for make sure some info will get mask in log message
sure if we do not print it, is more easy
but some time, we can’t control output message
so i think if have a build-in way for mask it is more better
I agree with you and also want that!
But for now, the only thing that is POSSIBLE is for you to control your own output, so as a tech support professional it’s not really useful to talk about what I want but what is already implemented