Say I have a
pwd = getpass('mysql password: ')
run('mysql -umoo -p%s something' % pwd)
[host] run: mysql -umoo -pTheActualPassword
[host] run: mysql -umoo -p*******
Rather than modifying / overriding Fabric, you could replace stdout (or any iostream) with a filter.
Here's an example of overriding stdout to censor a specific password. It gets the password from Fabric's
env.password variable, set by the
-I argument. Note that you could do the same thing with a regular expression, so that you wouldn't have to specify the password in the filter.
I should also mention, this isn't the most efficient code in the world, but if you're using fabric you're likely gluing a couple things together and care more about manageability than speed.
#!/usr/bin/python import sys import string from fabric.api import * from fabric.tasks import * from fabric.contrib import * class StreamFilter(object): def __init__(self, filter, stream): self.stream = stream self.filter = filter def write(self,data): data = data.replace(self.filter, '[[TOP SECRET]]') self.stream.write(data) self.stream.flush() def flush(self): self.stream.flush() @task def can_you_see_the_password(): sys.stdout = StreamFilter(env.password, sys.stdout) print 'Hello there' print 'My password is %s' % env.password
fab -I can_you_see_the_password Initial value for env.password:
this will produce:
Hello there My password is [[TOP SECRET]]