1
mirror of https://github.com/rclone/rclone synced 2024-11-21 22:50:16 +01:00

rclone config redacted: implement support mechanism for showing redacted config

This introduces a new fs.Option flag, Sensitive and uses this along
with IsPassword to redact the info in the config file for support
purposes.

It adds this flag into backends where appropriate. It was necessary to
add oauthutil.SharedOptions to some backends as they were missing
them.

Fixes #5209
This commit is contained in:
Nick Craig-Wood 2023-07-06 17:55:53 +01:00
parent 297f15a3e3
commit d0d41fe847
41 changed files with 407 additions and 227 deletions

View File

@ -95,6 +95,7 @@ Leave blank to use SAS URL or Emulator, otherwise it needs to be set.
If this is blank and if env_auth is set it will be read from the If this is blank and if env_auth is set it will be read from the
environment variable ` + "`AZURE_STORAGE_ACCOUNT_NAME`" + ` if possible. environment variable ` + "`AZURE_STORAGE_ACCOUNT_NAME`" + ` if possible.
`, `,
Sensitive: true,
}, { }, {
Name: "env_auth", Name: "env_auth",
Help: `Read credentials from runtime (environment variables, CLI or MSI). Help: `Read credentials from runtime (environment variables, CLI or MSI).
@ -106,11 +107,13 @@ See the [authentication docs](/azureblob#authentication) for full info.`,
Help: `Storage Account Shared Key. Help: `Storage Account Shared Key.
Leave blank to use SAS URL or Emulator.`, Leave blank to use SAS URL or Emulator.`,
Sensitive: true,
}, { }, {
Name: "sas_url", Name: "sas_url",
Help: `SAS URL for container level access only. Help: `SAS URL for container level access only.
Leave blank if using account/key or Emulator.`, Leave blank if using account/key or Emulator.`,
Sensitive: true,
}, { }, {
Name: "tenant", Name: "tenant",
Help: `ID of the service principal's tenant. Also called its directory ID. Help: `ID of the service principal's tenant. Also called its directory ID.
@ -120,6 +123,7 @@ Set this if using
- Service principal with certificate - Service principal with certificate
- User with username and password - User with username and password
`, `,
Sensitive: true,
}, { }, {
Name: "client_id", Name: "client_id",
Help: `The ID of the client in use. Help: `The ID of the client in use.
@ -129,6 +133,7 @@ Set this if using
- Service principal with certificate - Service principal with certificate
- User with username and password - User with username and password
`, `,
Sensitive: true,
}, { }, {
Name: "client_secret", Name: "client_secret",
Help: `One of the service principal's client secrets Help: `One of the service principal's client secrets
@ -136,6 +141,7 @@ Set this if using
Set this if using Set this if using
- Service principal with client secret - Service principal with client secret
`, `,
Sensitive: true,
}, { }, {
Name: "client_certificate_path", Name: "client_certificate_path",
Help: `Path to a PEM or PKCS12 certificate file including the private key. Help: `Path to a PEM or PKCS12 certificate file including the private key.
@ -174,6 +180,7 @@ Set this if using
- User with username and password - User with username and password
`, `,
Advanced: true, Advanced: true,
Sensitive: true,
}, { }, {
Name: "password", Name: "password",
Help: `The user's password Help: `The user's password
@ -219,14 +226,17 @@ msi_client_id, or msi_mi_res_id parameters.`,
Name: "msi_object_id", Name: "msi_object_id",
Help: "Object ID of the user-assigned MSI to use, if any.\n\nLeave blank if msi_client_id or msi_mi_res_id specified.", Help: "Object ID of the user-assigned MSI to use, if any.\n\nLeave blank if msi_client_id or msi_mi_res_id specified.",
Advanced: true, Advanced: true,
Sensitive: true,
}, { }, {
Name: "msi_client_id", Name: "msi_client_id",
Help: "Object ID of the user-assigned MSI to use, if any.\n\nLeave blank if msi_object_id or msi_mi_res_id specified.", Help: "Object ID of the user-assigned MSI to use, if any.\n\nLeave blank if msi_object_id or msi_mi_res_id specified.",
Advanced: true, Advanced: true,
Sensitive: true,
}, { }, {
Name: "msi_mi_res_id", Name: "msi_mi_res_id",
Help: "Azure resource ID of the user-assigned MSI to use, if any.\n\nLeave blank if msi_client_id or msi_object_id specified.", Help: "Azure resource ID of the user-assigned MSI to use, if any.\n\nLeave blank if msi_client_id or msi_object_id specified.",
Advanced: true, Advanced: true,
Sensitive: true,
}, { }, {
Name: "use_emulator", Name: "use_emulator",
Help: "Uses local storage emulator if provided as 'true'.\n\nLeave blank if using real azure storage endpoint.", Help: "Uses local storage emulator if provided as 'true'.\n\nLeave blank if using real azure storage endpoint.",

View File

@ -78,10 +78,12 @@ func init() {
Name: "account", Name: "account",
Help: "Account ID or Application Key ID.", Help: "Account ID or Application Key ID.",
Required: true, Required: true,
Sensitive: true,
}, { }, {
Name: "key", Name: "key",
Help: "Application Key.", Help: "Application Key.",
Required: true, Required: true,
Sensitive: true,
}, { }, {
Name: "endpoint", Name: "endpoint",
Help: "Endpoint for the service.\n\nLeave blank normally.", Help: "Endpoint for the service.\n\nLeave blank normally.",

View File

@ -111,12 +111,14 @@ func init() {
Help: "Fill in for rclone to use a non root folder as its starting point.", Help: "Fill in for rclone to use a non root folder as its starting point.",
Default: "0", Default: "0",
Advanced: true, Advanced: true,
Sensitive: true,
}, { }, {
Name: "box_config_file", Name: "box_config_file",
Help: "Box App config.json location\n\nLeave blank normally." + env.ShellExpandHelp, Help: "Box App config.json location\n\nLeave blank normally." + env.ShellExpandHelp,
}, { }, {
Name: "access_token", Name: "access_token",
Help: "Box App Primary Access Token\n\nLeave blank normally.", Help: "Box App Primary Access Token\n\nLeave blank normally.",
Sensitive: true,
}, { }, {
Name: "box_sub_type", Name: "box_sub_type",
Default: "user", Default: "user",

View File

@ -78,6 +78,7 @@ func init() {
}, { }, {
Name: "plex_username", Name: "plex_username",
Help: "The username of the Plex user.", Help: "The username of the Plex user.",
Sensitive: true,
}, { }, {
Name: "plex_password", Name: "plex_password",
Help: "The password of the Plex user.", Help: "The password of the Plex user.",
@ -87,6 +88,7 @@ func init() {
Help: "The plex token for authentication - auto set normally.", Help: "The plex token for authentication - auto set normally.",
Hide: fs.OptionHideBoth, Hide: fs.OptionHideBoth,
Advanced: true, Advanced: true,
Sensitive: true,
}, { }, {
Name: "plex_insecure", Name: "plex_insecure",
Help: "Skip all certificate verification when connecting to the Plex server.", Help: "Skip all certificate verification when connecting to the Plex server.",

View File

@ -278,6 +278,7 @@ Fill in to access "Computers" folders (see docs), or for rclone to use
a non root folder as its starting point. a non root folder as its starting point.
`, `,
Advanced: true, Advanced: true,
Sensitive: true,
}, { }, {
Name: "service_account_file", Name: "service_account_file",
Help: "Service Account Credentials JSON file path.\n\nLeave blank normally.\nNeeded only if you want use SA instead of interactive login." + env.ShellExpandHelp, Help: "Service Account Credentials JSON file path.\n\nLeave blank normally.\nNeeded only if you want use SA instead of interactive login." + env.ShellExpandHelp,
@ -286,11 +287,13 @@ a non root folder as its starting point.
Help: "Service Account Credentials JSON blob.\n\nLeave blank normally.\nNeeded only if you want use SA instead of interactive login.", Help: "Service Account Credentials JSON blob.\n\nLeave blank normally.\nNeeded only if you want use SA instead of interactive login.",
Hide: fs.OptionHideConfigurator, Hide: fs.OptionHideConfigurator,
Advanced: true, Advanced: true,
Sensitive: true,
}, { }, {
Name: "team_drive", Name: "team_drive",
Help: "ID of the Shared Drive (Team Drive).", Help: "ID of the Shared Drive (Team Drive).",
Hide: fs.OptionHideConfigurator, Hide: fs.OptionHideConfigurator,
Advanced: true, Advanced: true,
Sensitive: true,
}, { }, {
Name: "auth_owner_only", Name: "auth_owner_only",
Default: false, Default: false,
@ -420,6 +423,7 @@ date is used.`,
Default: "", Default: "",
Help: `Impersonate this user when using a service account.`, Help: `Impersonate this user when using a service account.`,
Advanced: true, Advanced: true,
Sensitive: true,
}, { }, {
Name: "alternate_export", Name: "alternate_export",
Default: false, Default: false,
@ -593,6 +597,7 @@ user you've authenticated rclone with) seems to be enough so that the
resource key is no needed. resource key is no needed.
`, `,
Advanced: true, Advanced: true,
Sensitive: true,
}, { }, {
Name: config.ConfigEncoding, Name: config.ConfigEncoding,
Help: config.ConfigEncodingHelp, Help: config.ConfigEncodingHelp,

View File

@ -184,6 +184,7 @@ v1.55 or later is in use everywhere.
`, `,
Default: "", Default: "",
Advanced: true, Advanced: true,
Sensitive: true,
}, { }, {
Name: "shared_files", Name: "shared_files",
Help: `Instructs rclone to work on individual shared files. Help: `Instructs rclone to work on individual shared files.

View File

@ -40,6 +40,7 @@ func init() {
Options: []fs.Option{{ Options: []fs.Option{{
Help: "Your API Key, get it from https://1fichier.com/console/params.pl.", Help: "Your API Key, get it from https://1fichier.com/console/params.pl.",
Name: "api_key", Name: "api_key",
Sensitive: true,
}, { }, {
Help: "If you want to download a shared folder, add this parameter.", Help: "If you want to download a shared folder, add this parameter.",
Name: "shared_folder", Name: "shared_folder",

View File

@ -84,6 +84,7 @@ Leave blank normally.
Fill in to make rclone start with directory of a given ID. Fill in to make rclone start with directory of a given ID.
`, `,
Sensitive: true,
}, { }, {
Name: "permanent_token", Name: "permanent_token",
Help: `Permanent Authentication Token. Help: `Permanent Authentication Token.
@ -97,6 +98,7 @@ These tokens are normally valid for several years.
For more info see: https://docs.storagemadeeasy.com/organisationcloud/api-tokens For more info see: https://docs.storagemadeeasy.com/organisationcloud/api-tokens
`, `,
Sensitive: true,
}, { }, {
Name: "token", Name: "token",
Help: `Session Token. Help: `Session Token.
@ -107,6 +109,7 @@ usually valid for 1 hour.
Don't set this value - rclone will set it automatically. Don't set this value - rclone will set it automatically.
`, `,
Advanced: true, Advanced: true,
Sensitive: true,
}, { }, {
Name: "token_expiry", Name: "token_expiry",
Help: `Token expiry time. Help: `Token expiry time.

View File

@ -51,10 +51,12 @@ func init() {
Name: "host", Name: "host",
Help: "FTP host to connect to.\n\nE.g. \"ftp.example.com\".", Help: "FTP host to connect to.\n\nE.g. \"ftp.example.com\".",
Required: true, Required: true,
Sensitive: true,
}, { }, {
Name: "user", Name: "user",
Help: "FTP username.", Help: "FTP username.",
Default: currentUser, Default: currentUser,
Sensitive: true,
}, { }, {
Name: "port", Name: "port",
Help: "FTP port number.", Help: "FTP port number.",

View File

@ -93,9 +93,11 @@ func init() {
Options: append(oauthutil.SharedOptions, []fs.Option{{ Options: append(oauthutil.SharedOptions, []fs.Option{{
Name: "project_number", Name: "project_number",
Help: "Project number.\n\nOptional - needed only for list/create/delete buckets - see your developer console.", Help: "Project number.\n\nOptional - needed only for list/create/delete buckets - see your developer console.",
Sensitive: true,
}, { }, {
Name: "user_project", Name: "user_project",
Help: "User project.\n\nOptional - needed only for requester pays.", Help: "User project.\n\nOptional - needed only for requester pays.",
Sensitive: true,
}, { }, {
Name: "service_account_file", Name: "service_account_file",
Help: "Service Account Credentials JSON file path.\n\nLeave blank normally.\nNeeded only if you want use SA instead of interactive login." + env.ShellExpandHelp, Help: "Service Account Credentials JSON file path.\n\nLeave blank normally.\nNeeded only if you want use SA instead of interactive login." + env.ShellExpandHelp,
@ -103,6 +105,7 @@ func init() {
Name: "service_account_credentials", Name: "service_account_credentials",
Help: "Service Account Credentials JSON blob.\n\nLeave blank normally.\nNeeded only if you want use SA instead of interactive login.", Help: "Service Account Credentials JSON blob.\n\nLeave blank normally.\nNeeded only if you want use SA instead of interactive login.",
Hide: fs.OptionHideBoth, Hide: fs.OptionHideBoth,
Sensitive: true,
}, { }, {
Name: "anonymous", Name: "anonymous",
Help: "Access public buckets and objects without credentials.\n\nSet to 'true' if you just want to download files and don't configure credentials.", Help: "Access public buckets and objects without credentials.\n\nSet to 'true' if you just want to download files and don't configure credentials.",

View File

@ -22,6 +22,7 @@ func init() {
Name: "namenode", Name: "namenode",
Help: "Hadoop name node and port.\n\nE.g. \"namenode:8020\" to connect to host namenode at port 8020.", Help: "Hadoop name node and port.\n\nE.g. \"namenode:8020\" to connect to host namenode at port 8020.",
Required: true, Required: true,
Sensitive: true,
}, { }, {
Name: "username", Name: "username",
Help: "Hadoop user name.", Help: "Hadoop user name.",
@ -29,6 +30,7 @@ func init() {
Value: "root", Value: "root",
Help: "Connect to hdfs as root.", Help: "Connect to hdfs as root.",
}}, }},
Sensitive: true,
}, { }, {
Name: "service_principal_name", Name: "service_principal_name",
Help: `Kerberos service principal name for the namenode. Help: `Kerberos service principal name for the namenode.
@ -37,6 +39,7 @@ Enables KERBEROS authentication. Specifies the Service Principal Name
(SERVICE/FQDN) for the namenode. E.g. \"hdfs/namenode.hadoop.docker\" (SERVICE/FQDN) for the namenode. E.g. \"hdfs/namenode.hadoop.docker\"
for namenode running as service 'hdfs' with FQDN 'namenode.hadoop.docker'.`, for namenode running as service 'hdfs' with FQDN 'namenode.hadoop.docker'.`,
Advanced: true, Advanced: true,
Sensitive: true,
}, { }, {
Name: "data_transfer_protection", Name: "data_transfer_protection",
Help: `Kerberos data transfer protection: authentication|integrity|privacy. Help: `Kerberos data transfer protection: authentication|integrity|privacy.

View File

@ -135,9 +135,11 @@ Owner is able to add custom keys. Metadata feature grabs all the keys including
Options: []fs.Option{{ Options: []fs.Option{{
Name: "access_key_id", Name: "access_key_id",
Help: "IAS3 Access Key.\n\nLeave blank for anonymous access.\nYou can find one here: https://archive.org/account/s3.php", Help: "IAS3 Access Key.\n\nLeave blank for anonymous access.\nYou can find one here: https://archive.org/account/s3.php",
Sensitive: true,
}, { }, {
Name: "secret_access_key", Name: "secret_access_key",
Help: "IAS3 Secret Key (password).\n\nLeave blank for anonymous access.", Help: "IAS3 Secret Key (password).\n\nLeave blank for anonymous access.",
Sensitive: true,
}, { }, {
// their official client (https://github.com/jjjake/internetarchive) hardcodes following the two // their official client (https://github.com/jjjake/internetarchive) hardcodes following the two
Name: "endpoint", Name: "endpoint",

View File

@ -88,7 +88,7 @@ func init() {
Description: "Jottacloud", Description: "Jottacloud",
NewFs: NewFs, NewFs: NewFs,
Config: Config, Config: Config,
Options: []fs.Option{{ Options: append(oauthutil.SharedOptions, []fs.Option{{
Name: "md5_memory_limit", Name: "md5_memory_limit",
Help: "Files bigger than this will be cached on disk to calculate the MD5 if required.", Help: "Files bigger than this will be cached on disk to calculate the MD5 if required.",
Default: fs.SizeSuffix(10 * 1024 * 1024), Default: fs.SizeSuffix(10 * 1024 * 1024),
@ -123,7 +123,7 @@ func init() {
Default: (encoder.Display | Default: (encoder.Display |
encoder.EncodeWin | // :?"*<>| encoder.EncodeWin | // :?"*<>|
encoder.EncodeInvalidUtf8), encoder.EncodeInvalidUtf8),
}}, }}...),
}) })
} }

View File

@ -64,6 +64,7 @@ func init() {
Name: "user", Name: "user",
Help: "Your user name.", Help: "Your user name.",
Required: true, Required: true,
Sensitive: true,
}, { }, {
Name: "password", Name: "password",
Help: "Your password for rclone (generate one at https://app.koofr.net/app/admin/preferences/password).", Help: "Your password for rclone (generate one at https://app.koofr.net/app/admin/preferences/password).",

View File

@ -85,10 +85,11 @@ func init() {
Name: "mailru", Name: "mailru",
Description: "Mail.ru Cloud", Description: "Mail.ru Cloud",
NewFs: NewFs, NewFs: NewFs,
Options: []fs.Option{{ Options: append(oauthutil.SharedOptions, []fs.Option{{
Name: "user", Name: "user",
Help: "User name (usually email).", Help: "User name (usually email).",
Required: true, Required: true,
Sensitive: true,
}, { }, {
Name: "pass", Name: "pass",
Help: `Password. Help: `Password.
@ -213,7 +214,7 @@ Supported quirks: atomicmkdir binlist unknowndirs`,
encoder.EncodeWin | // :?"*<>| encoder.EncodeWin | // :?"*<>|
encoder.EncodeBackSlash | encoder.EncodeBackSlash |
encoder.EncodeInvalidUtf8), encoder.EncodeInvalidUtf8),
}}, }}...),
}) })
} }

View File

@ -61,6 +61,7 @@ func init() {
Name: "user", Name: "user",
Help: "User name.", Help: "User name.",
Required: true, Required: true,
Sensitive: true,
}, { }, {
Name: "pass", Name: "pass",
Help: "Password.", Help: "Password.",

View File

@ -66,10 +66,12 @@ HTTP is provided primarily for debugging purposes.`,
Format should be ` + "`<domain>/<internal folders>`", Format should be ` + "`<domain>/<internal folders>`",
Required: true, Required: true,
Sensitive: true,
}, { }, {
Name: "account", Name: "account",
Help: "Set the NetStorage account name", Help: "Set the NetStorage account name",
Required: true, Required: true,
Sensitive: true,
}, { }, {
Name: "secret", Name: "secret",
Help: `Set the NetStorage account secret/G2O key for authentication. Help: `Set the NetStorage account secret/G2O key for authentication.

View File

@ -135,6 +135,7 @@ Note that the chunks will be buffered into memory.`,
Help: "The ID of the drive to use.", Help: "The ID of the drive to use.",
Default: "", Default: "",
Advanced: true, Advanced: true,
Sensitive: true,
}, { }, {
Name: "drive_type", Name: "drive_type",
Help: "The type of the drive (" + driveTypePersonal + " | " + driveTypeBusiness + " | " + driveTypeSharepoint + ").", Help: "The type of the drive (" + driveTypePersonal + " | " + driveTypeBusiness + " | " + driveTypeSharepoint + ").",
@ -149,6 +150,7 @@ know the folder ID that you wish to access but not be able to get
there through a path traversal. there through a path traversal.
`, `,
Advanced: true, Advanced: true,
Sensitive: true,
}, { }, {
Name: "access_scopes", Name: "access_scopes",
Help: `Set scopes to be requested by rclone. Help: `Set scopes to be requested by rclone.
@ -261,6 +263,7 @@ this flag there.
At the time of writing this only works with OneDrive personal paid accounts. At the time of writing this only works with OneDrive personal paid accounts.
`, `,
Advanced: true, Advanced: true,
Sensitive: true,
}, { }, {
Name: "hash_type", Name: "hash_type",
Default: "auto", Default: "auto",

View File

@ -45,6 +45,7 @@ func init() {
Name: "username", Name: "username",
Help: "Username.", Help: "Username.",
Required: true, Required: true,
Sensitive: true,
}, { }, {
Name: "password", Name: "password",
Help: "Password.", Help: "Password.",

View File

@ -95,11 +95,13 @@ func newOptions() []fs.Option {
Name: "namespace", Name: "namespace",
Help: "Object storage namespace", Help: "Object storage namespace",
Required: true, Required: true,
Sensitive: true,
}, { }, {
Name: "compartment", Name: "compartment",
Help: "Object storage compartment OCID", Help: "Object storage compartment OCID",
Provider: "!no_auth", Provider: "!no_auth",
Required: true, Required: true,
Sensitive: true,
}, { }, {
Name: "region", Name: "region",
Help: "Object storage Region", Help: "Object storage Region",

View File

@ -114,6 +114,7 @@ func init() {
Help: "Fill in for rclone to use a non root folder as its starting point.", Help: "Fill in for rclone to use a non root folder as its starting point.",
Default: "d0", Default: "d0",
Advanced: true, Advanced: true,
Sensitive: true,
}, { }, {
Name: "hostname", Name: "hostname",
Help: `Hostname to connect to. Help: `Hostname to connect to.
@ -139,6 +140,7 @@ This is only required when you want to use the cleanup command. Due to a bug
in the pcloud API the required API does not support OAuth authentication so in the pcloud API the required API does not support OAuth authentication so
we have to rely on user password authentication for it.`, we have to rely on user password authentication for it.`,
Advanced: true, Advanced: true,
Sensitive: true,
}, { }, {
Name: "password", Name: "password",
Help: "Your pcloud password.", Help: "Your pcloud password.",

View File

@ -161,6 +161,7 @@ func init() {
Name: "user", Name: "user",
Help: "Pikpak username.", Help: "Pikpak username.",
Required: true, Required: true,
Sensitive: true,
}, { }, {
Name: "pass", Name: "pass",
Help: "Pikpak password.", Help: "Pikpak password.",
@ -174,6 +175,7 @@ Leave blank normally.
Fill in for rclone to use a non root folder as its starting point. Fill in for rclone to use a non root folder as its starting point.
`, `,
Advanced: true, Advanced: true,
Sensitive: true,
}, { }, {
Name: "use_trash", Name: "use_trash",
Default: true, Default: true,

View File

@ -82,7 +82,7 @@ func init() {
OAuth2Config: oauthConfig, OAuth2Config: oauthConfig,
}) })
}, },
Options: []fs.Option{{ Options: append(oauthutil.SharedOptions, []fs.Option{{
Name: "api_key", Name: "api_key",
Help: `API Key. Help: `API Key.
@ -90,6 +90,7 @@ This is not normally used - use oauth instead.
`, `,
Hide: fs.OptionHideBoth, Hide: fs.OptionHideBoth,
Default: "", Default: "",
Sensitive: true,
}, { }, {
Name: config.ConfigEncoding, Name: config.ConfigEncoding,
Help: config.ConfigEncodingHelp, Help: config.ConfigEncodingHelp,
@ -99,7 +100,7 @@ This is not normally used - use oauth instead.
encoder.EncodeBackSlash | encoder.EncodeBackSlash |
encoder.EncodeDoubleQuote | encoder.EncodeDoubleQuote |
encoder.EncodeInvalidUtf8), encoder.EncodeInvalidUtf8),
}}, }}...),
}) })
} }

View File

@ -67,7 +67,7 @@ func init() {
NoOffline: true, NoOffline: true,
}) })
}, },
Options: []fs.Option{{ Options: append(oauthutil.SharedOptions, []fs.Option{{
Name: config.ConfigEncoding, Name: config.ConfigEncoding,
Help: config.ConfigEncodingHelp, Help: config.ConfigEncodingHelp,
Advanced: true, Advanced: true,
@ -77,7 +77,7 @@ func init() {
Default: (encoder.Display | Default: (encoder.Display |
encoder.EncodeBackSlash | encoder.EncodeBackSlash |
encoder.EncodeInvalidUtf8), encoder.EncodeInvalidUtf8),
}}, }}...),
}) })
} }

View File

@ -51,9 +51,11 @@ func init() {
}, { }, {
Name: "access_key_id", Name: "access_key_id",
Help: "QingStor Access Key ID.\n\nLeave blank for anonymous access or runtime credentials.", Help: "QingStor Access Key ID.\n\nLeave blank for anonymous access or runtime credentials.",
Sensitive: true,
}, { }, {
Name: "secret_access_key", Name: "secret_access_key",
Help: "QingStor Secret Access Key (password).\n\nLeave blank for anonymous access or runtime credentials.", Help: "QingStor Secret Access Key (password).\n\nLeave blank for anonymous access or runtime credentials.",
Sensitive: true,
}, { }, {
Name: "endpoint", Name: "endpoint",
Help: "Enter an endpoint URL to connection QingStor API.\n\nLeave blank will use the default value \"https://qingstor.com:443\".", Help: "Enter an endpoint URL to connection QingStor API.\n\nLeave blank will use the default value \"https://qingstor.com:443\".",

View File

@ -184,9 +184,11 @@ func init() {
}, { }, {
Name: "access_key_id", Name: "access_key_id",
Help: "AWS Access Key ID.\n\nLeave blank for anonymous access or runtime credentials.", Help: "AWS Access Key ID.\n\nLeave blank for anonymous access or runtime credentials.",
Sensitive: true,
}, { }, {
Name: "secret_access_key", Name: "secret_access_key",
Help: "AWS Secret Access Key (password).\n\nLeave blank for anonymous access or runtime credentials.", Help: "AWS Secret Access Key (password).\n\nLeave blank for anonymous access or runtime credentials.",
Sensitive: true,
}, { }, {
// References: // References:
// 1. https://docs.aws.amazon.com/general/latest/gr/rande.html // 1. https://docs.aws.amazon.com/general/latest/gr/rande.html
@ -1818,6 +1820,7 @@ header is added and the default (private) will be used.
Value: "arn:aws:kms:us-east-1:*", Value: "arn:aws:kms:us-east-1:*",
Help: "arn:aws:kms:*", Help: "arn:aws:kms:*",
}}, }},
Sensitive: true,
}, { }, {
Name: "sse_customer_key", Name: "sse_customer_key",
Help: `To use SSE-C you may provide the secret encryption key used to encrypt/decrypt your data. Help: `To use SSE-C you may provide the secret encryption key used to encrypt/decrypt your data.
@ -1829,6 +1832,7 @@ Alternatively you can provide --sse-customer-key-base64.`,
Value: "", Value: "",
Help: "None", Help: "None",
}}, }},
Sensitive: true,
}, { }, {
Name: "sse_customer_key_base64", Name: "sse_customer_key_base64",
Help: `If using SSE-C you must provide the secret encryption key encoded in base64 format to encrypt/decrypt your data. Help: `If using SSE-C you must provide the secret encryption key encoded in base64 format to encrypt/decrypt your data.
@ -1840,6 +1844,7 @@ Alternatively you can provide --sse-customer-key.`,
Value: "", Value: "",
Help: "None", Help: "None",
}}, }},
Sensitive: true,
}, { }, {
Name: "sse_customer_key_md5", Name: "sse_customer_key_md5",
Help: `If using SSE-C you may provide the secret encryption key MD5 checksum (optional). Help: `If using SSE-C you may provide the secret encryption key MD5 checksum (optional).
@ -1852,6 +1857,7 @@ If you leave it blank, this is calculated automatically from the sse_customer_ke
Value: "", Value: "",
Help: "None", Help: "None",
}}, }},
Sensitive: true,
}, { }, {
Name: "storage_class", Name: "storage_class",
Help: "The storage class to use when storing new objects in S3.", Help: "The storage class to use when storing new objects in S3.",
@ -2096,6 +2102,7 @@ If empty it will default to the environment variable "AWS_PROFILE" or
Name: "session_token", Name: "session_token",
Help: "An AWS session token.", Help: "An AWS session token.",
Advanced: true, Advanced: true,
Sensitive: true,
}, { }, {
Name: "upload_concurrency", Name: "upload_concurrency",
Help: `Concurrency for multipart uploads. Help: `Concurrency for multipart uploads.

View File

@ -67,15 +67,18 @@ func init() {
Value: "https://cloud.seafile.com/", Value: "https://cloud.seafile.com/",
Help: "Connect to cloud.seafile.com.", Help: "Connect to cloud.seafile.com.",
}}, }},
Sensitive: true,
}, { }, {
Name: configUser, Name: configUser,
Help: "User name (usually email address).", Help: "User name (usually email address).",
Required: true, Required: true,
Sensitive: true,
}, { }, {
// Password is not required, it will be left blank for 2FA // Password is not required, it will be left blank for 2FA
Name: configPassword, Name: configPassword,
Help: "Password.", Help: "Password.",
IsPassword: true, IsPassword: true,
Sensitive: true,
}, { }, {
Name: config2FA, Name: config2FA,
Help: "Two-factor authentication ('true' if the account has 2FA enabled).", Help: "Two-factor authentication ('true' if the account has 2FA enabled).",
@ -87,6 +90,7 @@ func init() {
Name: configLibraryKey, Name: configLibraryKey,
Help: "Library password (for encrypted libraries only).\n\nLeave blank if you pass it through the command line.", Help: "Library password (for encrypted libraries only).\n\nLeave blank if you pass it through the command line.",
IsPassword: true, IsPassword: true,
Sensitive: true,
}, { }, {
Name: configCreateLibrary, Name: configCreateLibrary,
Help: "Should rclone create a library if it doesn't exist.", Help: "Should rclone create a library if it doesn't exist.",
@ -97,6 +101,7 @@ func init() {
Name: configAuthToken, Name: configAuthToken,
Help: "Authentication token.", Help: "Authentication token.",
Hide: fs.OptionHideBoth, Hide: fs.OptionHideBoth,
Sensitive: true,
}, { }, {
Name: config.ConfigEncoding, Name: config.ConfigEncoding,
Help: config.ConfigEncodingHelp, Help: config.ConfigEncodingHelp,

View File

@ -62,10 +62,12 @@ func init() {
Name: "host", Name: "host",
Help: "SSH host to connect to.\n\nE.g. \"example.com\".", Help: "SSH host to connect to.\n\nE.g. \"example.com\".",
Required: true, Required: true,
Sensitive: true,
}, { }, {
Name: "user", Name: "user",
Help: "SSH username.", Help: "SSH username.",
Default: currentUser, Default: currentUser,
Sensitive: true,
}, { }, {
Name: "port", Name: "port",
Help: "SSH port number.", Help: "SSH port number.",
@ -77,6 +79,7 @@ func init() {
}, { }, {
Name: "key_pem", Name: "key_pem",
Help: "Raw PEM-encoded private key.\n\nIf specified, will override key_file parameter.", Help: "Raw PEM-encoded private key.\n\nIf specified, will override key_file parameter.",
Sensitive: true,
}, { }, {
Name: "key_file", Name: "key_file",
Help: "Path to PEM-encoded private key file.\n\nLeave blank or set key-use-agent to use ssh-agent." + env.ShellExpandHelp, Help: "Path to PEM-encoded private key file.\n\nLeave blank or set key-use-agent to use ssh-agent." + env.ShellExpandHelp,
@ -87,6 +90,7 @@ func init() {
Only PEM encrypted key files (old OpenSSH format) are supported. Encrypted keys Only PEM encrypted key files (old OpenSSH format) are supported. Encrypted keys
in the new OpenSSH format can't be used.`, in the new OpenSSH format can't be used.`,
IsPassword: true, IsPassword: true,
Sensitive: true,
}, { }, {
Name: "pubkey_file", Name: "pubkey_file",
Help: `Optional path to public key file. Help: `Optional path to public key file.

View File

@ -155,7 +155,7 @@ func init() {
CheckAuth: checkAuth, CheckAuth: checkAuth,
}) })
}, },
Options: []fs.Option{{ Options: append(oauthutil.SharedOptions, []fs.Option{{
Name: "upload_cutoff", Name: "upload_cutoff",
Help: "Cutoff for switching to multipart upload.", Help: "Cutoff for switching to multipart upload.",
Default: defaultUploadCutoff, Default: defaultUploadCutoff,
@ -182,6 +182,7 @@ standard values here or any folder ID (long hex number ID).`,
Value: "top", Value: "top",
Help: "Access the home, favorites, and shared folders as well as the connectors.", Help: "Access the home, favorites, and shared folders as well as the connectors.",
}}, }},
Sensitive: true,
}, { }, {
Name: "chunk_size", Name: "chunk_size",
Default: defaultChunkSize, Default: defaultChunkSize,
@ -216,7 +217,7 @@ be set manually to something like: https://XXX.sharefile.com
encoder.EncodeLeftSpace | encoder.EncodeLeftSpace |
encoder.EncodeLeftPeriod | encoder.EncodeLeftPeriod |
encoder.EncodeInvalidUtf8), encoder.EncodeInvalidUtf8),
}}, }}...),
}) })
} }

View File

@ -46,6 +46,7 @@ func init() {
Note that siad must run with --disable-api-security to open API port for other hosts (not recommended). Note that siad must run with --disable-api-security to open API port for other hosts (not recommended).
Keep default if Sia daemon runs on localhost.`, Keep default if Sia daemon runs on localhost.`,
Default: "http://127.0.0.1:9980", Default: "http://127.0.0.1:9980",
Sensitive: true,
}, { }, {
Name: "api_password", Name: "api_password",
Help: `Sia Daemon API Password. Help: `Sia Daemon API Password.

View File

@ -44,10 +44,12 @@ func init() {
Name: "host", Name: "host",
Help: "SMB server hostname to connect to.\n\nE.g. \"example.com\".", Help: "SMB server hostname to connect to.\n\nE.g. \"example.com\".",
Required: true, Required: true,
Sensitive: true,
}, { }, {
Name: "user", Name: "user",
Help: "SMB username.", Help: "SMB username.",
Default: currentUser, Default: currentUser,
Sensitive: true,
}, { }, {
Name: "port", Name: "port",
Help: "SMB port number.", Help: "SMB port number.",
@ -60,6 +62,7 @@ func init() {
Name: "domain", Name: "domain",
Help: "Domain name for NTLM authentication.", Help: "Domain name for NTLM authentication.",
Default: "WORKGROUP", Default: "WORKGROUP",
Sensitive: true,
}, { }, {
Name: "spn", Name: "spn",
Help: `Service principal name. Help: `Service principal name.
@ -71,6 +74,7 @@ authentication, and it often needs to be set for clusters. For example:
Leave blank if not sure. Leave blank if not sure.
`, `,
Sensitive: true,
}, { }, {
Name: "idle_timeout", Name: "idle_timeout",
Default: fs.Duration(60 * time.Second), Default: fs.Duration(60 * time.Second),

View File

@ -101,6 +101,7 @@ func init() {
Name: "access_grant", Name: "access_grant",
Help: "Access grant.", Help: "Access grant.",
Provider: "existing", Provider: "existing",
Sensitive: true,
}, },
{ {
Name: "satellite_address", Name: "satellite_address",
@ -123,11 +124,13 @@ func init() {
Name: "api_key", Name: "api_key",
Help: "API key.", Help: "API key.",
Provider: newProvider, Provider: newProvider,
Sensitive: true,
}, },
{ {
Name: "passphrase", Name: "passphrase",
Help: "Encryption passphrase.\n\nTo access existing objects enter passphrase used for uploading.", Help: "Encryption passphrase.\n\nTo access existing objects enter passphrase used for uploading.",
Provider: newProvider, Provider: newProvider,
Sensitive: true,
}, },
}, },
}) })

View File

@ -134,12 +134,15 @@ func init() {
}, Options: []fs.Option{{ }, Options: []fs.Option{{
Name: "app_id", Name: "app_id",
Help: "Sugarsync App ID.\n\nLeave blank to use rclone's.", Help: "Sugarsync App ID.\n\nLeave blank to use rclone's.",
Sensitive: true,
}, { }, {
Name: "access_key_id", Name: "access_key_id",
Help: "Sugarsync Access Key ID.\n\nLeave blank to use rclone's.", Help: "Sugarsync Access Key ID.\n\nLeave blank to use rclone's.",
Sensitive: true,
}, { }, {
Name: "private_access_key", Name: "private_access_key",
Help: "Sugarsync Private Access Key.\n\nLeave blank to use rclone's.", Help: "Sugarsync Private Access Key.\n\nLeave blank to use rclone's.",
Sensitive: true,
}, { }, {
Name: "hard_delete", Name: "hard_delete",
Help: "Permanently delete files if true\notherwise put them in the deleted files.", Help: "Permanently delete files if true\notherwise put them in the deleted files.",
@ -148,10 +151,12 @@ func init() {
Name: "refresh_token", Name: "refresh_token",
Help: "Sugarsync refresh token.\n\nLeave blank normally, will be auto configured by rclone.", Help: "Sugarsync refresh token.\n\nLeave blank normally, will be auto configured by rclone.",
Advanced: true, Advanced: true,
Sensitive: true,
}, { }, {
Name: "authorization", Name: "authorization",
Help: "Sugarsync authorization.\n\nLeave blank normally, will be auto configured by rclone.", Help: "Sugarsync authorization.\n\nLeave blank normally, will be auto configured by rclone.",
Advanced: true, Advanced: true,
Sensitive: true,
}, { }, {
Name: "authorization_expiry", Name: "authorization_expiry",
Help: "Sugarsync authorization expiry.\n\nLeave blank normally, will be auto configured by rclone.", Help: "Sugarsync authorization expiry.\n\nLeave blank normally, will be auto configured by rclone.",
@ -160,14 +165,17 @@ func init() {
Name: "user", Name: "user",
Help: "Sugarsync user.\n\nLeave blank normally, will be auto configured by rclone.", Help: "Sugarsync user.\n\nLeave blank normally, will be auto configured by rclone.",
Advanced: true, Advanced: true,
Sensitive: true,
}, { }, {
Name: "root_id", Name: "root_id",
Help: "Sugarsync root id.\n\nLeave blank normally, will be auto configured by rclone.", Help: "Sugarsync root id.\n\nLeave blank normally, will be auto configured by rclone.",
Advanced: true, Advanced: true,
Sensitive: true,
}, { }, {
Name: "deleted_id", Name: "deleted_id",
Help: "Sugarsync deleted folder id.\n\nLeave blank normally, will be auto configured by rclone.", Help: "Sugarsync deleted folder id.\n\nLeave blank normally, will be auto configured by rclone.",
Advanced: true, Advanced: true,
Sensitive: true,
}, { }, {
Name: config.ConfigEncoding, Name: config.ConfigEncoding,
Help: config.ConfigEncodingHelp, Help: config.ConfigEncodingHelp,

View File

@ -118,9 +118,11 @@ func init() {
}, { }, {
Name: "user", Name: "user",
Help: "User name to log in (OS_USERNAME).", Help: "User name to log in (OS_USERNAME).",
Sensitive: true,
}, { }, {
Name: "key", Name: "key",
Help: "API key or password (OS_PASSWORD).", Help: "API key or password (OS_PASSWORD).",
Sensitive: true,
}, { }, {
Name: "auth", Name: "auth",
Help: "Authentication URL for server (OS_AUTH_URL).", Help: "Authentication URL for server (OS_AUTH_URL).",
@ -149,18 +151,23 @@ func init() {
}, { }, {
Name: "user_id", Name: "user_id",
Help: "User ID to log in - optional - most swift systems use user and leave this blank (v3 auth) (OS_USER_ID).", Help: "User ID to log in - optional - most swift systems use user and leave this blank (v3 auth) (OS_USER_ID).",
Sensitive: true,
}, { }, {
Name: "domain", Name: "domain",
Help: "User domain - optional (v3 auth) (OS_USER_DOMAIN_NAME)", Help: "User domain - optional (v3 auth) (OS_USER_DOMAIN_NAME)",
Sensitive: true,
}, { }, {
Name: "tenant", Name: "tenant",
Help: "Tenant name - optional for v1 auth, this or tenant_id required otherwise (OS_TENANT_NAME or OS_PROJECT_NAME).", Help: "Tenant name - optional for v1 auth, this or tenant_id required otherwise (OS_TENANT_NAME or OS_PROJECT_NAME).",
Sensitive: true,
}, { }, {
Name: "tenant_id", Name: "tenant_id",
Help: "Tenant ID - optional for v1 auth, this or tenant required otherwise (OS_TENANT_ID).", Help: "Tenant ID - optional for v1 auth, this or tenant required otherwise (OS_TENANT_ID).",
Sensitive: true,
}, { }, {
Name: "tenant_domain", Name: "tenant_domain",
Help: "Tenant domain - optional (v3 auth) (OS_PROJECT_DOMAIN_NAME).", Help: "Tenant domain - optional (v3 auth) (OS_PROJECT_DOMAIN_NAME).",
Sensitive: true,
}, { }, {
Name: "region", Name: "region",
Help: "Region name - optional (OS_REGION_NAME).", Help: "Region name - optional (OS_REGION_NAME).",
@ -170,15 +177,19 @@ func init() {
}, { }, {
Name: "auth_token", Name: "auth_token",
Help: "Auth Token from alternate authentication - optional (OS_AUTH_TOKEN).", Help: "Auth Token from alternate authentication - optional (OS_AUTH_TOKEN).",
Sensitive: true,
}, { }, {
Name: "application_credential_id", Name: "application_credential_id",
Help: "Application Credential ID (OS_APPLICATION_CREDENTIAL_ID).", Help: "Application Credential ID (OS_APPLICATION_CREDENTIAL_ID).",
Sensitive: true,
}, { }, {
Name: "application_credential_name", Name: "application_credential_name",
Help: "Application Credential Name (OS_APPLICATION_CREDENTIAL_NAME).", Help: "Application Credential Name (OS_APPLICATION_CREDENTIAL_NAME).",
Sensitive: true,
}, { }, {
Name: "application_credential_secret", Name: "application_credential_secret",
Help: "Application Credential Secret (OS_APPLICATION_CREDENTIAL_SECRET).", Help: "Application Credential Secret (OS_APPLICATION_CREDENTIAL_SECRET).",
Sensitive: true,
}, { }, {
Name: "auth_version", Name: "auth_version",
Help: "AuthVersion - optional - set to (1,2,3) if your auth URL has no version (ST_AUTH_VERSION).", Help: "AuthVersion - optional - set to (1,2,3) if your auth URL has no version (ST_AUTH_VERSION).",

View File

@ -45,6 +45,7 @@ func init() {
Options: []fs.Option{{ Options: []fs.Option{{
Help: "Your access token.\n\nGet it from https://uptobox.com/my_account.", Help: "Your access token.\n\nGet it from https://uptobox.com/my_account.",
Name: "access_token", Name: "access_token",
Sensitive: true,
}, { }, {
Help: "Set to make uploaded files private", Help: "Set to make uploaded files private",
Name: "private", Name: "private",

View File

@ -98,6 +98,7 @@ func init() {
}, { }, {
Name: "user", Name: "user",
Help: "User name.\n\nIn case NTLM authentication is used, the username should be in the format 'Domain\\User'.", Help: "User name.\n\nIn case NTLM authentication is used, the username should be in the format 'Domain\\User'.",
Sensitive: true,
}, { }, {
Name: "pass", Name: "pass",
Help: "Password.", Help: "Password.",
@ -105,6 +106,7 @@ func init() {
}, { }, {
Name: "bearer_token", Name: "bearer_token",
Help: "Bearer token instead of user/pass (e.g. a Macaroon).", Help: "Bearer token instead of user/pass (e.g. a Macaroon).",
Sensitive: true,
}, { }, {
Name: "bearer_token_command", Name: "bearer_token_command",
Help: "Command to run to get a bearer token.", Help: "Command to run to get a bearer token.",

View File

@ -26,6 +26,7 @@ func init() {
configCommand.AddCommand(configTouchCommand) configCommand.AddCommand(configTouchCommand)
configCommand.AddCommand(configPathsCommand) configCommand.AddCommand(configPathsCommand)
configCommand.AddCommand(configShowCommand) configCommand.AddCommand(configShowCommand)
configCommand.AddCommand(configRedactedCommand)
configCommand.AddCommand(configDumpCommand) configCommand.AddCommand(configDumpCommand)
configCommand.AddCommand(configProvidersCommand) configCommand.AddCommand(configProvidersCommand)
configCommand.AddCommand(configCreateCommand) configCommand.AddCommand(configCreateCommand)
@ -118,6 +119,35 @@ var configShowCommand = &cobra.Command{
}, },
} }
var configRedactedCommand = &cobra.Command{
Use: "redacted [<remote>]",
Short: `Print redacted (decrypted) config file, or the redacted config for a single remote.`,
Long: `This prints a redacted copy of the config file, either the
whole config file or for a given remote.
The config file will be redacted by replacing all passwords and other
sensitive info with XXX.
This makes the config file suitable for posting online for support.
It should be double checked before posting as the redaction may not be perfect.
`,
Annotations: map[string]string{
"versionIntroduced": "v1.64",
},
Run: func(command *cobra.Command, args []string) {
cmd.CheckArgs(0, 1, command, args)
if len(args) == 0 {
config.ShowRedactedConfig()
} else {
name := strings.TrimRight(args[0], ":")
config.ShowRedactedRemote(name)
}
fmt.Println("### Double check the config for sensitive info before posting publicly")
},
}
var configDumpCommand = &cobra.Command{ var configDumpCommand = &cobra.Command{
Use: "dump", Use: "dump",
Short: `Dump the config file as JSON.`, Short: `Dump the config file as JSON.`,

View File

@ -302,19 +302,41 @@ func mustFindByName(name string) *fs.RegInfo {
return fs.MustFind(fsType) return fs.MustFind(fsType)
} }
// findByName finds the RegInfo for the remote name passed in or
// returns an error
func findByName(name string) (*fs.RegInfo, error) {
fsType := FileGet(name, "type")
if fsType == "" {
return nil, fmt.Errorf("couldn't find type of fs for %q", name)
}
return fs.Find(fsType)
}
// printRemoteOptions prints the options of the remote // printRemoteOptions prints the options of the remote
func printRemoteOptions(name string, prefix string, sep string) { func printRemoteOptions(name string, prefix string, sep string, redacted bool) {
fs := mustFindByName(name) fsInfo, err := findByName(name)
if err != nil {
fmt.Printf("# %v\n", err)
fsInfo = nil
}
for _, key := range LoadedData().GetKeyList(name) { for _, key := range LoadedData().GetKeyList(name) {
isPassword := false isPassword := false
for _, option := range fs.Options { isSensitive := false
if option.Name == key && option.IsPassword { if fsInfo != nil {
for _, option := range fsInfo.Options {
if option.Name == key {
if option.IsPassword {
isPassword = true isPassword = true
break } else if option.Sensitive {
isSensitive = true
}
}
} }
} }
value := FileGet(name, key) value := FileGet(name, key)
if isPassword && value != "" { if redacted && (isSensitive || isPassword) && value != "" {
fmt.Printf("%s%s%sXXX\n", prefix, key, sep)
} else if isPassword && value != "" {
fmt.Printf("%s%s%s*** ENCRYPTED ***\n", prefix, key, sep) fmt.Printf("%s%s%s*** ENCRYPTED ***\n", prefix, key, sep)
} else { } else {
fmt.Printf("%s%s%s%s\n", prefix, key, sep, value) fmt.Printf("%s%s%s%s\n", prefix, key, sep, value)
@ -324,13 +346,19 @@ func printRemoteOptions(name string, prefix string, sep string) {
// listRemoteOptions lists the options of the remote // listRemoteOptions lists the options of the remote
func listRemoteOptions(name string) { func listRemoteOptions(name string) {
printRemoteOptions(name, "- ", ": ") printRemoteOptions(name, "- ", ": ", false)
} }
// ShowRemote shows the contents of the remote in config file format // ShowRemote shows the contents of the remote in config file format
func ShowRemote(name string) { func ShowRemote(name string) {
fmt.Printf("[%s]\n", name) fmt.Printf("[%s]\n", name)
printRemoteOptions(name, "", " = ") printRemoteOptions(name, "", " = ", false)
}
// ShowRedactedRemote shows the contents of the remote in config file format
func ShowRedactedRemote(name string) {
fmt.Printf("[%s]\n", name)
printRemoteOptions(name, "", " = ", true)
} }
// OkRemote prints the contents of the remote and ask if it is OK // OkRemote prints the contents of the remote and ask if it is OK
@ -634,6 +662,22 @@ func ShowConfig() {
fmt.Printf("%s", str) fmt.Printf("%s", str)
} }
// ShowRedactedConfig prints the redacted (unencrypted) config options
func ShowRedactedConfig() {
remotes := LoadedData().GetSectionList()
if len(remotes) == 0 {
fmt.Println("; empty config")
return
}
sort.Strings(remotes)
for i, remote := range remotes {
if i != 0 {
fmt.Println()
}
ShowRedactedRemote(remote)
}
}
// EditConfig edits the config file interactively // EditConfig edits the config file interactively
func EditConfig(ctx context.Context) (err error) { func EditConfig(ctx context.Context) (err error) {
for { for {

View File

@ -243,6 +243,7 @@ func TestOptionMarshalJSON(t *testing.T) {
"NoPrefix": false, "NoPrefix": false,
"Advanced": true, "Advanced": true,
"Exclusive": false, "Exclusive": false,
"Sensitive": false,
"DefaultStr": "false", "DefaultStr": "false",
"ValueStr": "true", "ValueStr": "true",
"Type": "bool" "Type": "bool"

View File

@ -154,6 +154,7 @@ type Option struct {
NoPrefix bool // set if the option for this should not use the backend prefix NoPrefix bool // set if the option for this should not use the backend prefix
Advanced bool // set if this is an advanced config option Advanced bool // set if this is an advanced config option
Exclusive bool // set if the answer can only be one of the examples (empty string allowed unless Required or Default is set) Exclusive bool // set if the answer can only be one of the examples (empty string allowed unless Required or Default is set)
Sensitive bool // set if this option should be redacted when using rclone config redacted
} }
// BaseOption is an alias for Option used internally // BaseOption is an alias for Option used internally

View File

@ -84,13 +84,16 @@ All done. Please go back to rclone.
var SharedOptions = []fs.Option{{ var SharedOptions = []fs.Option{{
Name: config.ConfigClientID, Name: config.ConfigClientID,
Help: "OAuth Client Id.\n\nLeave blank normally.", Help: "OAuth Client Id.\n\nLeave blank normally.",
Sensitive: true,
}, { }, {
Name: config.ConfigClientSecret, Name: config.ConfigClientSecret,
Help: "OAuth Client Secret.\n\nLeave blank normally.", Help: "OAuth Client Secret.\n\nLeave blank normally.",
Sensitive: true,
}, { }, {
Name: config.ConfigToken, Name: config.ConfigToken,
Help: "OAuth Access Token as a JSON blob.", Help: "OAuth Access Token as a JSON blob.",
Advanced: true, Advanced: true,
Sensitive: true,
}, { }, {
Name: config.ConfigAuthURL, Name: config.ConfigAuthURL,
Help: "Auth server URL.\n\nLeave blank to use the provider defaults.", Help: "Auth server URL.\n\nLeave blank to use the provider defaults.",