[Feature Request]: Hidden Arguments for Shell Action #4935

Open
dsanderbi opened this issue Feb 23, 2025 · 4 comments

@dsanderbi
Contributor

What would you like to happen?

In Apache Hop, the Shell Action allows passing arguments to a script.

However, when arguments are provided, they are visible in the output. This poses a security risk, especially for sensitive data such as private tokens or credentials.

Requested:
I propose adding an option (either a checkbox or a dropdown menu) to mark certain arguments as hidden. When enabled, these arguments should not appear in the output logs. This would enhance security by preventing sensitive information from being exposed.

Benefits:

  • Improved security by preventing leakage of sensitive data in logs
  • Useful for handling API keys, private tokens, or credentials securely

NOTE:
It would be great if a similar option could also be added to the Set Variables action/transform, allowing sensitive variables to be hidden from logs.

Issue Priority

Priority: 2

Issue Component

Component: Actions, Component: Hop Gui

@gmitter-ef

gmitter-ef commented Mar 19, 2025

I would like to add that

  • the "REST client" transform (from DEBUG log level upwards) prints the URL it tries to connect to; when the URL contains sensitive information it is visible in the log
  • the "Set variables" transform also prints the values that are set in BASIC log level
  • ROW LEVEL log level seems to print the values of all fields, including any sensitive values if they are part of the stream (e.g., after decryption of encrypted secrets via "User defined Java expression" transform)

@hansva
Contributor

hansva commented Mar 19, 2025

Great idea to solve this local problem.
At some point, we probably want to lift this to a higher level...
When creating a variable, we mark it as sensitive/private and then modify our IVariables.resolve() method or have 2 versions (1 for logging and 1 for actual value resolving).

@hansva
Contributor

hansva commented Mar 19, 2025

> I would like to add that
>
>   • the "REST client" transform (from DEBUG log level upwards) prints the URL it tries to connect to; when the URL contains sensitive information it is visible in the log
>   • the "Set variables" transform also prints the values that are set in BASIC log level
>   • ROW LEVEL log level seems to print the values of all fields, including any sensitive values if they are part of the stream (e.g., after decryption of encrypted secrets via "User defined Java expression" transform)

I'm not sure about hiding this information at ROW LEVEL; at some point, you should be able to debug... If you have no context, how will this be possible? There might be a misconfiguration and your variables are empty, but if you have no way of knowing this you might spend a long time trying to figure it out.

@gmitter-ef

gmitter-ef commented Mar 19, 2025

> > I would like to add that
> >
> >   • the "REST client" transform (from DEBUG log level upwards) prints the URL it tries to connect to; when the URL contains sensitive information it is visible in the log
> >   • the "Set variables" transform also prints the values that are set in BASIC log level
> >   • ROW LEVEL log level seems to print the values of all fields, including any sensitive values if they are part of the stream (e.g., after decryption of encrypted secrets via "User defined Java expression" transform)
>
> I'm not sure about hiding this information at ROW LEVEL; at some point, you should be able to debug... If you have no context, how will this be possible? There might be a misconfiguration and your variables are empty, but if you have no way of knowing this you might spend a long time trying to figure it out.

Yes, that's of course a good point. For debugging one could add an EXTRA "Write to log" transform to display the stream fields values for such a purpose perhaps. We currently just find no way to avoid printing out secrets using ROW LEVEL. Alternatively, for debugging only, setting "Hidden?" to N would also be an option.
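
A minimal Java sketch of the "two versions of resolve" idea raised in the comments above, added here as an illustration; it is not part of the thread and not Apache Hop code. The class `MaskingVariables`, the method `resolveForLog` and the `<empty>` marker are hypothetical names; the log-facing resolver masks sensitive values but still shows when one is empty, so a misconfiguration stays visible.

```java
import java.util.*;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

// Hypothetical sketch, not Apache Hop code: variables carry a "sensitive" flag and resolve two ways.
public class MaskingVariables {
  private static final Pattern REF = Pattern.compile("\\$\\{([^}]+)\\}");
  private final Map<String, String> values = new HashMap<>();
  private final Set<String> sensitive = new HashSet<>();

  public void set(String name, String value, boolean isSensitive) {
    values.put(name, value);
    if (isSensitive) sensitive.add(name); else sensitive.remove(name);
  }

  // Real values: used only to build the command that is actually executed.
  public String resolve(String text) { return substitute(text, false); }

  // Log-safe values: sensitive variables are masked, but an empty one stays distinguishable.
  public String resolveForLog(String text) { return substitute(text, true); }

  private String substitute(String text, boolean forLog) {
    Matcher m = REF.matcher(text);
    StringBuilder out = new StringBuilder();
    while (m.find()) {
      String name = m.group(1);
      String value = values.get(name);
      String shown;
      if (value == null) shown = m.group();  // unknown variable: keep the ${...} reference
      else if (forLog && sensitive.contains(name)) shown = value.isEmpty() ? "<empty>" : "********";
      else shown = value;
      m.appendReplacement(out, Matcher.quoteReplacement(shown));
    }
    m.appendTail(out);
    return out.toString();
  }

  public static void main(String[] args) {
    MaskingVariables vars = new MaskingVariables();
    vars.set("API_HOST", "api.example.test", false);  // constructed sample values
    vars.set("API_TOKEN", "s3cr3t-token", true);
    String arg = "--url=https://${API_HOST}/v1 --token=${API_TOKEN}";
    String command = vars.resolve(arg);  // real value: goes to the process only, never to the logger
    System.out.println("log: " + vars.resolveForLog(arg));
    vars.set("API_TOKEN", "", true);     // simulate the empty-variable misconfiguration
    System.out.println("log: " + vars.resolveForLog(arg));
  }
}
```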
