Masking parameters passed in API call


I’m trying to find a way to hide some custom variables during an API call.
Basically, it would be nice to either:

  • Mask some or all variables that are substituted (the same way a secret is masked).
    I’m not sure how we could achieve this, but something like defining a variable with a setting.
    For instance:

mask: true

  • Change the log level for an individual step (either with a setting in the step, stage, pipeline).
    That way, we cloud still see commands in the logs on most steps except when there’s sensitive information that has been received.

It’s just inconvenient when there’s sensitive information that can’t be stored in a secret (since it’s not static) and you need the variable to be substituted before running (e.g. ssh with variables in the command to be used on remote).