04f203f03a
So that a job may provide sensitive data to a child job without those data ending up in the inventory file (and therefore in the log archive) add a secret_data attribute to zuul_return. Change-Id: I7cb8bed585eb6e94009647f490b9341927266e8f Story: 2008389
20 lines
663 B
YAML
20 lines
663 B
YAML
---
|
|
features:
|
|
- |
|
|
If sensitive data must be returned from a job in order to be
|
|
provided to dependent jobs, the ``secret_data`` attribute of
|
|
``zuul_return`` attribute may now be used instead of the normal
|
|
``data`` attribute. The data will be provided via the same
|
|
mechanism as job secrets, where the data are not written to disk
|
|
in the work directory. Care must still be taken to avoid
|
|
displaying or storing sensitive data within the job. For example:
|
|
|
|
.. code-block:: yaml
|
|
|
|
tasks:
|
|
- zuul_return:
|
|
secret_data:
|
|
password: foobar
|
|
data:
|
|
this_is: not secret
|