Git credentials are exposed in atlantis logs  #4060

@nnovaeshc

Community Note

  • Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request. Searching for pre-existing feature requests helps us consolidate datapoints for identical requirements into a single place, thank you!
  • Please do not leave "+1" or other comments that do not add relevant new information or questions, they generate extra noise for issue followers and do not help prioritize the request.
  • If you are interested in working on this issue or have submitted a pull request, please leave a comment.

Describe the user story
Git credentials are exposed in atlantis logs (at least) when --write-git-creds is set. Even though there's a warning in atlantis documentation stating "This does write secrets to disk and should only be enabled in a secure environment.", I believe they shouldn't be exposed in the logs. I have provided below an excerpt of the log message and replaced my credentials with actualcredentialshere.

1702650458045,"{""level"":""debug"",""ts"":""2023-12-15T14:27:38.045Z"",""caller"":""vcs/gh_app_creds_rotator.go:58"",""msg"":""Refreshing git tokens for Github App"",""json"":{}}"
1702650458045,"{""level"":""debug"",""ts"":""2023-12-15T14:27:38.045Z"",""caller"":""vcs/gh_app_creds_rotator.go:64"",""msg"":""token actualcredentialshere"",""json"":{}}"
1702650458052,"{""level"":""debug"",""ts"":""2023-12-15T14:27:38.052Z"",""caller"":""vcs/git_cred_writer.go:36"",""msg"":""git credentials file has expected contents, not modifying"",""json"":{}}"

Describe the solution you'd like
Git credentials are masked or omitted

Describe the drawbacks of your solution
N/A

Describe alternatives you've considered
N/A
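
An added example, not part of the original issue and not Atlantis code: a Go filter for logs already exported in the format of the excerpt above. It masks the value in messages shaped like "token <value>" and reports which caller emitted them. The names RedactExport and Finding and the message pattern are assumptions drawn from the excerpt.

```go
package main

import (
	"encoding/csv"
	"encoding/json"
	"fmt"
	"regexp"
	"strings"
)

// Two records copied from the issue's excerpt; the credential is the reporter's placeholder.
const sampleLogs = `1702650458045,"{""level"":""debug"",""ts"":""2023-12-15T14:27:38.045Z"",""caller"":""vcs/gh_app_creds_rotator.go:58"",""msg"":""Refreshing git tokens for Github App"",""json"":{}}"
1702650458045,"{""level"":""debug"",""ts"":""2023-12-15T14:27:38.045Z"",""caller"":""vcs/gh_app_creds_rotator.go:64"",""msg"":""token actualcredentialshere"",""json"":{}}"
`
// Assumption: the leaking message is exactly the word "token" followed by the value.
var tokenMsg = regexp.MustCompile(`^(token\s+)\S+$`)

type Finding struct { // hypothetical type for this example
	Record int    // 1-based record number in the export
	Caller string // source location that logged the credential
}

// RedactExport parses "epoch-ms,quoted-JSON" records and masks token values in msg.
func RedactExport(export string) (out []string, found []Finding, err error) {
	r := csv.NewReader(strings.NewReader(export))
	r.FieldsPerRecord = 2 // reject records that are not timestamp + JSON payload
	records, err := r.ReadAll()
	if err != nil {
		return nil, nil, err
	}
	for i, rec := range records {
		var entry map[string]interface{}
		if err := json.Unmarshal([]byte(rec[1]), &entry); err != nil {
			return nil, nil, fmt.Errorf("record %d: %w", i+1, err)
		}
		if msg, _ := entry["msg"].(string); tokenMsg.MatchString(msg) {
			entry["msg"] = tokenMsg.ReplaceAllString(msg, "${1}[REDACTED]")
			caller, _ := entry["caller"].(string)
			found = append(found, Finding{Record: i + 1, Caller: caller})
		}
		b, _ := json.Marshal(entry) // re-encoding a decoded map cannot fail
		out = append(out, string(b))
	}
	return out, found, nil
}

func main() {
	fmt.Println(RedactExport(sampleLogs))
}
```

Masking after the fact does not undo the exposure: a token that has reached a log sink should be treated as disclosed.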
