buildkite-agent redactor
The Buildkite Agent automatically redacts some sensitive information from logs, such as secrets fetched with the secret get
command, and any environment variables that match the value given in the --redacted-vars
flag.
However, sometimes a job will source something sensitive through a side channel - perhaps a third-party secrets storage system like Hashicorp Vault or AWS Secrets Manager. In these cases, you can use the redactor add
command to add the sensitive information to the redactor, ensuring it is redacted from subsequent logs.
Adding a value to the redactor
This may be used to parse a file for values to redact from a running job's log output. If you dynamically fetch secrets during a job, it is recommended that you use this command to ensure they will be redacted from subsequent logs. Secrets fetched with the builtin secret get
command do not require the use of this command, they will be redacted automatically.
Options:
--format value #
|
The format for the input, one of: [json none]. `none` will add the entire input as a to the redactor, save for leading and trailing whitespace, `json` will parse it a string valued JSON Object, where each value of each key will be added to the redactor. (default: "none") |
---|---|
--agent-access-token value #
|
The access token used to identify the agent |
--endpoint value #
|
The Agent API endpoint (default: " |
--no-http2 #
|
Disable HTTP2 when communicating with the Agent API. |
--debug-http #
|
Enable HTTP debug mode, which dumps all request and response bodies to the log |
--no-color #
|
Don't show colors in logging |
--debug #
|
Enable debug mode. Synonym for `--log-level debug`. Takes precedence over `--log-level` |
--log-level value #
|
Set the log level for the agent, making logging more or less verbose. Defaults to notice. Allowed values are: debug, info, error, warn, fatal (default: "notice") |
--experiment value #
|
Enable experimental features within the buildkite-agent |
--profile value #
|
Enable a profiling mode, either cpu, memory, mutex or block |