feature: mask sensitive values (#83)

jaredfholgate · web-flow · commit 6b0bbbda0454 · 2023-10-13T16:19:08.000+01:00
diff --git a/src/ALZ/Private/Convert-HCLVariablesToUserInputConfig.ps1 b/src/ALZ/Private/Convert-HCLVariablesToUserInputConfig.ps1
@@ -58,6 +58,11 @@ function Convert-HCLVariablesToUserInputConfig {
                 $inputType = "AzureSubscriptionIds"
             }
 
+            $sensitive = $false
+            if($variable.Value[0].PSObject.Properties.Name -contains "sensitive") {
+                $sensitive = $true
+            }
+
             $dataType = $variable.Value[0].type
             $dataType = $dataType.Replace("`${", "").Replace("}", "")
 
@@ -66,6 +71,7 @@ function Convert-HCLVariablesToUserInputConfig {
             $starterModuleConfigurationInstance | Add-Member -NotePropertyName "Type" -NotePropertyValue $inputType
             $starterModuleConfigurationInstance | Add-Member -NotePropertyName "Value" -NotePropertyValue ""
             $starterModuleConfigurationInstance | Add-Member -NotePropertyName "DataType" -NotePropertyValue $dataType
+            $starterModuleConfigurationInstance | Add-Member -NotePropertyName "Sensitive" -NotePropertyValue $sensitive
 
             if($variable.Value[0].PSObject.Properties.Name -contains "default") {
                 $defaultValue = $variable.Value[0].default
@@ -84,6 +90,8 @@ function Convert-HCLVariablesToUserInputConfig {
                 $starterModuleConfigurationInstance | Add-Member -NotePropertyName "DefaultValue" -NotePropertyValue $defaultValue
             }
 
+
+
             if($hasValidation) {
                 $validator = $validators.PSObject.Properties[$validationType].Value
                 $description = "$description ($($validator.Description))"
diff --git a/src/ALZ/Private/Request-ConfigurationValue.ps1 b/src/ALZ/Private/Request-ConfigurationValue.ps1
@@ -42,7 +42,11 @@ function Request-ConfigurationValue {
             Write-InformationColored ": " -NoNewline -InformationAction Continue
         }
 
-        $readValue = Read-Host
+        if($configValue.Sensitive) {
+            $readValue = Read-Host -MaskInput
+        } else {
+            $readValue = Read-Host
+        }
 
         $previousValue = $configValue.Value
 
@@ -55,7 +59,7 @@ function Request-ConfigurationValue {
         $hasNotSpecifiedValue = ($null -eq $configValue.Value -or "" -eq $configValue.Value) -and ($configValue.Value -ne $configValue.DefaultValue)
         $isDisallowedValue = $hasAllowedValues -and $allowedValues.Contains($configValue.Value) -eq $false
         $skipValidationForEmptyDefault = $treatEmptyDefaultAsValid -and $hasDefaultValue -and $defaultValue -eq "" -and $configValue.Value -eq ""
-        
+
         if($skipValidationForEmptyDefault) {
             $isNotValid = $false
         } else {
