Packer: Packer 1.4.x still print sensitive variables on console (Debian stretch)

Thanks for opening! I did some testing, and I _think_ that this is happening because you're passing the variables via the -var or -var-file command line flags. Is that the case? I was just working on another interpolation problem that occurred in this situation, and it turns out that my fix there appears to also solve this issue.

PR: #7733
binaries: https://circleci.com/gh/hashicorp/packer/3996#artifacts/containers/0

Can you confirm that this fixes things for you? I just did a quick test and it worked for me.

Yes I use -var for dynamic variables and var-files for some static configuration

I've tested with your package but the issue is still here :
$ /usr/local/bin/packer version Packer v1.4.2-dev

Logs :

vsphere-clone:\n1560256603,,ui,say,==> vsphere-clone: Pausing 20s before the next provisioner...\n1560256623,,ui,say,==> vsphere-clone: Provisioning with Ansible...\n1560256624,,ui,say,==> vsphere-clone: Executing Ansible: ansible-playbook --extra-vars packer_build_name=vsphere-clone packer_builder_type=vsphere-clone -o IdentitiesOnly=yes -i /tmp/packer-provisioner-ansible483832301 ../ansible/vmware_change_nic.yml -e ansible_ssh_private_key_file=/tmp/ansible-key441681734 --extra-vars vm_name=myvm vcenter_server=myvcenter vcenter_username=myuser vcenter_password=mypasswd datacenter=mydc esx_host=myvmh network_name=mynetwork\n1560256625,,ui,message, vsphere-clone:\n1560256625,,ui,message

vmware_change_nic.yml:

   {
        "type": "ansible",
        "pause_before": "5s",
        "playbook_file": "../ansible/vmware_change_nic.yml",
        "extra_arguments": [
            "--extra-vars",
            "vm_name={{user `vm_name`}} vcenter_server={{user `vcenter_server`}} vcenter_username={{user `vcenter_username`}} vcenter_password={{user `vcenter_password`}} datacenter={{user `datacenter`}} esx_host={{user `vmh`}} network_name={{user `network_name`}}"
        ],
        "ansible_env_vars": [ "ANSIBLE_NOCOWS=1" ]
    },

Do you need more informations ? Note that I didn't test on another provisionner than ansible.
Is there any way to completely remove the logging of --extra-vars?

Okay found it for real, I think. Try this one. https://circleci.com/gh/hashicorp/packer/4304#artifacts/containers/0

I tried with this version, but the issue is still here :/
If it can help, as i see your fix, it happens independently when the build fails or is successfull

Woops merged it too soon again ! Sorry !

If it can help, as i see your fix, it happens independently when the build fails or is successfull

I don't understand what you mean here. The above fix should apply regardless of whether a build is successful.

Third time's the charm; I didn't notice that you were using machine-readable logs until now: https://circleci.com/gh/hashicorp/packer/4414#artifacts/containers/0

So the builds in the above link (ci build 4414) still aren't working for you?

It works like a charm ! Many thanks !
==> vsphere-clone: Executing Ansible: ansible-playbook --extra-vars packer_build_name=vsphere-clone packer_builder_type=vsphere-clone -o IdentitiesOnly=yes -i /tmp/packer-provisioner-ansible202873551 ../ansible/vmware_change_nic.yml -e ansible_ssh_private_key_file=/tmp/ansible-key004849968 --extra-vars vm_name=myvm vcenter_server=<sensitive> vcenter_username=<sensitive> vcenter_password=<sensitive> datacenter=mydc esx_host=myesx network_name=mynetwork\n1560367812,,ui,message, vsphere-clone:\n1560367812,,ui,message

I'm going to lock this issue because it has been closed for _30 days_ ⏳. This helps our maintainers find and focus on the active issues.

If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.