Secrets not redacted from build log artifacts

Using Xcode for builds, when tests fail and the logs are uploaded as artifacts, secrets are made available in plain-text (un-redacted). This is specifically the raw xcodebuild logs.

Hey @BlueDrink9!

This might be because the raw xcodebuild log is not generated by the Bitrise CLI. Only secrets that are printed on the CLI’s standard output or standard error will be redacted. The file contents are not affected by the filtering.

In short, secrets are filtered/removed from the build log; the CLI simply can’t remove or filter any other output. If you save the secrets into a file with a script, the CLI can’t filter that file; it’s your responsibility not to expose that file, or to filter it if it includes secrets.

1 Like
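One way to do the file filtering that the reply above leaves to the build author, as an added example that is not part of the original thread and not Bitrise's own code: a function for a script step that rewrites a log file in place before it is uploaded as an artifact. The function name `redact_file`, the variable `DEMO_API_TOKEN` and the sample log lines are constructed for illustration.

```shell
#!/bin/sh
# redact_file LOG NAME...
# Replace the values of the named (exported) environment variables in LOG
# with [REDACTED], in place. Values are read inside awk via ENVIRON, so they
# never appear on a command line, and are matched as literal strings, so
# characters such as / . * + in a secret need no escaping.
redact_file() {
    log=$1; shift
    tmp=$(mktemp) || return 1
    awk -v names="$*" '
    BEGIN {
        n = split(names, name, " ")
        for (i = 1; i <= n; i++) {
            # Multi-line values (e.g. PEM keys) are redacted line by line.
            m = split(ENVIRON[name[i]], part, "\n")
            for (k = 1; k <= m; k++)
                if (part[k] != "") secret[++count] = part[k]  # empty would match everywhere
        }
        # Longest first, so a secret that contains another is removed whole.
        for (i = 1; i <= count; i++)
            for (j = i + 1; j <= count; j++)
                if (length(secret[j]) > length(secret[i])) {
                    t = secret[i]; secret[i] = secret[j]; secret[j] = t
                }
    }
    {
        line = $0
        for (i = 1; i <= count; i++) {
            out = ""
            while ((p = index(line, secret[i])) > 0) {
                out = out substr(line, 1, p - 1) "[REDACTED]"
                line = substr(line, p + length(secret[i]))
            }
            line = out line
        }
        print line
    }' "$log" > "$tmp" && mv "$tmp" "$log"
}

# Demo on constructed data: a fake secret and fake xcodebuild-style log lines.
export DEMO_API_TOKEN='tok/.*+1'
demo=$(mktemp)
printf '%s\n' 'Test failed: GET /v1?key=tok/.*+1 returned 401' 'Compile ok' > "$demo"
redact_file "$demo" DEMO_API_TOKEN
cat "$demo"; rm -f "$demo"
```

This only catches secrets that appear verbatim; a value that was base64- or URL-encoded before being written to the log will not match.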
