From c6edf8aa285b87e50c60b7005de27cfa159f9f83 Mon Sep 17 00:00:00 2001
From: Bernhard Mallinger <bernhard.mallinger@eox.at>
Date: Thu, 9 Dec 2021 09:55:30 +0100
Subject: [PATCH] Source secret values before `set -x` to prevent leaks

---
 testing/run_integration_test.sh | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/testing/run_integration_test.sh b/testing/run_integration_test.sh
index a9c8488..f972736 100755
--- a/testing/run_integration_test.sh
+++ b/testing/run_integration_test.sh
@@ -1,5 +1,10 @@
 #!/usr/bin/env bash
 
+set -o allexport
+source "${PYTEST_ENVIRONMENT}"
+set +o allexport
+
+# NOTE: only set -x after sourcing secret values, otherwise they are leaked
 set -u -x
 
 echo "Using bucket:"
@@ -7,7 +12,6 @@ echo $PREPROCESSOR_RESULTS_BUCKET
 
 TEST_RESULT=0
 
-source "${PYTEST_ENVIRONMENT}"
 
 # wait as in registrar_prep.sh, not sure if necessary
 kubectl exec deployment/my-vs-release-registrar -- ./wait-initialized.sh
-- 
GitLab