Prevent creds from appearing in Automation Framework logs


Sun

Jun 17, 2025, 9:44:47 AM
to ZAP User Group

Hi all,

I’m running ZAP in a Tekton pipeline using the Automation Framework (zap.yaml).
Everything is working correctly and I’m able to generate scan reports.

I use the following command to start the scan:

./zap.sh -silent -cmd -autorun zap.yaml

My problem:

In the logs I see the following line:

Job users set credentials = {password=<password>, username=<username>}

I would like to avoid having the actual username and password printed in the logs for security reasons.

Is there a way to prevent the Automation Framework from printing the credentials?

Any advice would be greatly appreciated.

Thanks,
Sun

Sun

Jun 18, 2025, 5:57:13 AM
to ZAP User Group
Just replying back to this thread. 

The solution is to use the following in your automation framework yaml.

env:
  contexts:
  - name: context-example
    ....
    ....
  parameters:
    progressToStdout: false

Simon Bennetts

Jun 19, 2025, 11:51:49 AM
to ZAP User Group
That's not the best solution :)

They are being shown in the output because you have them "in the clear" in your plan.

The output will then be:

Job users set credentials = {password=${password}, username=${username}}

so it will show the names of the env vars you've used, not their values.

Cheers,

Simon
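
A pipeline check for the behaviour discussed in this thread, as an added example that is not part of the original posts or of ZAP itself: it scans captured ZAP output for the "Job users set credentials" line and reports any credential key whose logged value is a literal rather than a ${var} reference. The line format is taken from the messages above; the function names and the sample lines are assumptions constructed for illustration.

```python
import re

# Line format as quoted in the thread:
#   Job users set credentials = {password=..., username=...}
CRED_LINE = re.compile(r"Job users set credentials = \{(.*)\}")
# A value that consists only of an env var reference, e.g. ${password}
PLACEHOLDER = re.compile(r"\$\{[^{}]+\}")
# Split on ", " only where a new "key=" starts, so commas inside a value survive
PAIR_SPLIT = re.compile(r", (?=[A-Za-z_][A-Za-z0-9_]*=)")


def leaked_keys(line):
    """Return credential keys whose logged value is a literal, not ${var}.

    Hypothetical helper name; not a ZAP API.
    """
    m = CRED_LINE.search(line)
    if not m:
        return []
    leaked = []
    for pair in PAIR_SPLIT.split(m.group(1)):
        key, sep, value = pair.partition("=")
        if sep and not PLACEHOLDER.fullmatch(value):
            leaked.append(key)
    return leaked


def scan(lines):
    """Return (line_number, keys) findings; the values are never echoed."""
    findings = []
    for number, line in enumerate(lines, start=1):
        keys = leaked_keys(line)
        if keys:
            findings.append((number, keys))
    return findings


# Constructed sample output (not real ZAP logs, not real credentials)
SAMPLE = [
    "Job users set credentials = {password=s3cr3t,constructed, username=alice}",
    "Job users set credentials = {password=${password}, username=${username}}",
    "Job spider started",
]

if __name__ == "__main__":
    for number, keys in scan(SAMPLE):
        print(f"line {number}: literal value logged for {', '.join(keys)}")
```

The report names only the line number and the affected keys, so the check does not copy the secret into a second log.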