Home > Mobile >  Hide CfnOutput values in CDK console log
Hide CfnOutput values in CDK console log

Time:09-02

I'm using CfnOutout in my TypeScript CDK code and would like to output secret values, but at the same time hide them from the console log. This is how I use them:

const accessKey = new CfnAccessKey(this, 'testUserKey', {
  userName: testUser.userName,
});

const accessKeyId = new CfnOutput(this, 'accessKey', { value: accessKey.ref });
const attrSecretAccessKey = new CfnOutput(this, 'secretAccessKey', { value: accessKey.attrSecretAccessKey });

Is there a way to stop CDK from showing them in the console logs? Currently CDK shows them in the log as below:

Outputs:
stagingConsulComponents.accessKey = ADGHHBAS26TGDRGV
stagingConsulComponents.secretAccessKey = JKGHDJhdskjhfzhfsdjdafhJHJdd

CodePudding user response:

I don't think CDK can make an output "sensitive" and hide from the console, you can use sed as the first answer, and that will solve. I would recommend, if you can, push these credentials to AWS secret manager and pull them, so in this case, you don't even need to output them and they will never be in plain text:

https://docs.aws.amazon.com/cdk/api/v2/docs/aws-cdk-lib.aws_secretsmanager-readme.html

https://docs.aws.amazon.com/cdk/v2/guide/get_secrets_manager_value.html

CodePudding user response:

It doesn't appear there is any way to suppress the output of those values. However, a little sed work could get you there:

$ cdk deploy ... | sed -E "s/(accessKey) = (.*)$/\1 = masked/" | sed -E "s/(secretAccessKey) = (.*)$/\1 = masked/"

Page link:https//www.codepudding.com/Mobile/531652.html

Prev:TypeScript generic with conditional evaluates union types separately
Next:"TypeError: Cannot read property 'hasMany' of undefined" in TypeScript
  • Related

About Us:  Contact Us      Terms of Service       Privacy Policy

Copyright © 2010-2023,Powered By CodePudding