From a61291a8870334a1ac3ce15132ee97906bc9065c Mon Sep 17 00:00:00 2001
From: Andrea Luzzardi <aluzzardi@gmail.com>
Date: Fri, 7 Jan 2022 11:57:48 -0800
Subject: [PATCH] engine: redact dynamic secrets (e.g. #NewSecret)

Signed-off-by: Andrea Luzzardi <aluzzardi@gmail.com>
---
 client/client.go | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/client/client.go b/client/client.go
index 4e411743..bd8cc25b 100644
--- a/client/client.go
+++ b/client/client.go
@@ -213,8 +213,10 @@ func (c *Client) logSolveStatus(ctx context.Context, pctx *plancontext.Context,
 	}
 
 	// Just like sprintf, but redacts secrets automatically
-	secrets := pctx.Secrets.List()
 	secureSprintf := func(format string, a ...interface{}) string {
+		// Load a fresh copy of secrets (since they can be dynamically added).
+		secrets := pctx.Secrets.List()
+
 		s := fmt.Sprintf(format, a...)
 		for _, secret := range secrets {
 			s = strings.ReplaceAll(s, secret.PlainText(), "***")