Merge pull request circleci#7649 from circleci/SERVER-2210/secrets-masking

devinmarieb · web-flow · commit a860fe2ab7e9 · 2022-12-21T12:15:01.000-05:00
fix: Clarify secrets masking is available in server 3.x and 4.x
diff --git a/jekyll/_cci2/env-vars.md b/jekyll/_cci2/env-vars.md
@@ -3,11 +3,12 @@ layout: classic-docs
 title: Introduction to environment variables
 short-title: Environment variables
 description: Introduction to environment variables in CircleCI
-contentTags: 
+contentTags:
   platform:
-  - Cloud
-  - Server v3.x
-  - Server v2.x
+    - Cloud
+    - Server v4.x
+    - Server v3.x
+    - Server v2.x
 suggested:
   - title: Keep environment variables private
     link: https://circleci.com/blog/keep-environment-variables-private-with-secret-masking/
@@ -76,7 +77,7 @@ jobs: # basic units of work in a run
       - image: cimg/node:18.11.0
         auth:
           username: mydockerhub-user
-          password: $DOCKERHUB_PASSWORD  # context / project UI env-var reference
+          password: $DOCKERHUB_PASSWORD # context / project UI env-var reference
     steps: # steps that comprise the `build` job
       - checkout # check out source code to working directory
       # Run a step to setup an environment variable
@@ -156,7 +157,7 @@ jobs:
       - image: cimg/go:1.17.3
         auth:
           username: mydockerhub-user
-          password: $DOCKERHUB_PASSWORD  # context / project UI env-var reference
+          password: $DOCKERHUB_PASSWORD # context / project UI env-var reference
     steps:
       - run: echo "project directory is go/src/github.com/<< parameters.org_name >>/<< parameters.repo_name >>"
 
@@ -170,7 +171,6 @@ workflows:
       - build:
           org_name: my_organization
           repo_name: project2
-
 ```
 
 For more information, read the documentation on [using the parameters declaration]({{site.baseurl}}/reusing-config/#using-the-parameters-declaration).
@@ -222,7 +222,6 @@ You can further restrict access to environment variables using [contexts]({{site
 
 ## See also
 {: #see-also }
-{:.no_toc}
 
 - [Security recommendations]({{site.baseurl}}/security-recommendations)
-- [Inject variables using the CircleCI API]({{site.baseurl}}/inject-environment-variables-with-api/)
+- [Inject variables using the CircleCI API]({{site.baseurl}}/inject-environment-variables-with-api/)
diff --git a/jekyll/_includes/snippets/secrets-masking.md b/jekyll/_includes/snippets/secrets-masking.md
@@ -1,16 +1,17 @@
 ## Secrets masking
+
 {: #secrets-masking }
 
-_Secrets masking is not currently available on self-hosted installations of CircleCI server._
+_Secrets masking is not available on version 2.x of self-hosted installations of CircleCI server._
 
 Environment variables and contexts may hold project secrets or keys that perform crucial functions for your applications. Secrets masking provides added security within CircleCI by obscuring environment variables in the job output when `echo` or `print` is used.
 
 Secrets masking is applied to environment variables set within **Project Settings** or **Contexts** in the web app.
 
 The value of the environment variable or context will _not_ be masked in the job output if:
 
-* the value of the environment variable is less than 4 characters
-* the value of the environment variable is equal to one of `true`, `True`, `false`, or `False`
+- the value of the environment variable is less than 4 characters
+- the value of the environment variable is equal to one of `true`, `True`, `false`, or `False`
 
 Secrets masking will only prevent values from appearing in your job output. Invoking a bash shell with the `-x` or `-o xtrace` options may inadvertantly log unmasked secrets (please refer to [Using shell scripts]({{site.baseurl}}/using-shell-scripts)). If your secrets appear elsewhere, such as test results or artifacts, they will not be masked. Additionally, values are still accessible to users [debugging builds with SSH]({{site.baseurl}}/ssh-access-jobs).
 {: class="alert alert-warning"}
