This is an automated email from the ASF dual-hosted git repository.
bodewig pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/ant.git
The following commit(s) were added to refs/heads/master by this push:
new b474a0cda more documentation for #124
b474a0cda is described below
commit b474a0cdaa3e230cbddfbd9cf217b4a961a5ea05
Author: Stefan Bodewig <[email protected]>
AuthorDate: Tue Mar 3 21:46:10 2026 +0100
more documentation for #124
---
WHATSNEW | 4 ++++
manual/Tasks/sshexec.html | 29 +++++++++++++++++++++++++----
2 files changed, 29 insertions(+), 4 deletions(-)
diff --git a/WHATSNEW b/WHATSNEW
index dfc5fa1cb..3d00b852b 100644
--- a/WHATSNEW
+++ b/WHATSNEW
@@ -87,6 +87,10 @@ Other changes:
junction or the target of the respective links. The old behavior
of changing the link's target remains as default.
+ * a new combination of attributes allows <sshexec> to mask sensitive
+ data specified for the command line to execute.
+ Github Pull Request #124
+
Changes from Ant 1.10.14 TO Ant 1.10.15
=======================================
diff --git a/manual/Tasks/sshexec.html b/manual/Tasks/sshexec.html
index b4d37b055..e975f6419 100644
--- a/manual/Tasks/sshexec.html
+++ b/manual/Tasks/sshexec.html
@@ -231,23 +231,23 @@ <h3>Parameters</h3>
<tr>
<td>hideSensitive</td>
<td>Allows to hide sensitive data in logs without output supressing. It
makes easier debugging
- with sensitive data hiding.
+ with sensitive data hiding. <em>since Ant 1.10.16</em>
</td>
<td>No; defaults to <q>false</q></td>
</tr>
<tr>
<td>bindSensitive</td>
- <td>Contains string with key=values pairs are divided by
<var>sensitiveDelimiter</var></td>
+ <td>Contains string with key=values pairs are divided by
<var>sensitiveDelimiter</var>. <em>since Ant 1.10.16</em></td>
<td>Yes if <var>hideSensitive</var> set to <q>true</q></td>
</tr>
<tr>
<td>sensitiveDelimiter</td>
- <td>Sensitive data delimiter of key=values pairs</td>
+ <td>Sensitive data delimiter of key=values pairs. <em>since Ant
1.10.16</em></td>
<td>No, defaults to <q>;</q></td>
</tr>
<tr>
<td>placeholderBrackets</td>
- <td>Contains symbols to destinguish placeholder are needed to replace with
sensitive data</td>
+ <td>Contains symbols to destinguish placeholder are needed to replace with
sensitive data. <em>since Ant 1.10.16</em></td>
<td>No, defaults to <q>:</q></td>
</tr>
</table>
@@ -330,5 +330,26 @@ <h3>Examples</h3>
<p>is slightly better, but the username/password is exposed to all users on an
Unix system (via
the <kbd>ps</kbd> command). The best approach is to use the
<code><input></code> task and/or
retrieve the password from a (secured) <samp>.properties</samp> file.</p>
+
+<p>Sometimes you may want to execute a command that contains sensitive
+ data that you don't want to appear in Ant's log output. For this you
+ can use a combination of <var>hideSensitive</var>
+ and <var>bindSensitive</var></p>
+
+<pre>
+<sshexec ...
+ command="some-script :secret: :another-secret:"
+ hidesensitive="true"
+ bindSensitive="secret=scott;another-secret=tiger">
+</pre>
+
+<p>will log <code>some-script :secret: :another-secret:</code> but
+ actually execute <code>some-script scott
+ tiger</code>. The <var>placeholderBrackets</var> attribute allows to use a
+ different string than the default <q>:</q> to mark sensitive parts
+ of the command to replace and <var>sensitiveDelimiter</var> allows
+ the key value pairs of <var>bindSensitive</var> to be separated by a
+ different string than the default <q>;</q>.</p>
+
</body>
</html>
