Skip to content

@W-22567720: remove sensitive output#1498

Merged
iowillhoit merged 4 commits into
mainfrom
ew/output
May 19, 2026
Merged

@W-22567720: remove sensitive output#1498
iowillhoit merged 4 commits into
mainfrom
ew/output

Conversation

@iowillhoit
Copy link
Copy Markdown
Contributor

@iowillhoit iowillhoit commented May 19, 2026

What does this PR do?

  • Redacts accessToken, refreshToken, clientSecret, and password from JSON output of all login commands (sf org login jwt, sf org login web, sf org login sfdx-url, sf org login access-token)
  • Redacts accessToken from sf org list auth --json output
  • Adds SF_TEMP_SHOW_SECRETS=true env var as a temporary workaround for CI pipelines
  • Updates sfdxurl.store.md help text to reference sf org auth show-sfdx-auth-url instead of sf org display --verbose
  • Adds shared redactAuthFields() utility in common.ts

Related

Test plan

  • sf org login jwt --json no longer shows accessToken
  • sf org login web --json same
  • sf org login sfdx-url --json same
  • sf org login access-token --json same
  • sf org list auth --json no longer shows accessToken
  • SF_TEMP_SHOW_SECRETS=true restores original values with deprecation warning
  • HRO output unchanged (only shows success message, no secret)
  • Unit tests pass: yarn test

What issues does this PR fix or reference?

@W-22567720@

@iowillhoit iowillhoit requested a review from a team as a code owner May 19, 2026 18:03
@iowillhoit iowillhoit merged commit bdb36a3 into main May 19, 2026
13 checks passed
@iowillhoit iowillhoit deleted the ew/output branch May 19, 2026 22:48
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@cristiand391 cristiand391 cristiand391 approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@iowillhoit @cristiand391