VULN-44842 Add a flag that allows users to not send the Access JWT to…

… stdout
cloudflare · Nov 16, 2023 · 45236a1 · 45236a1
1 parent e0a55f9
commit 45236a1
Showing 1 changed file with 12 additions and 0 deletions.
diff --git a/cmd/cloudflared/access/cmd.go b/cmd/cloudflared/access/cmd.go
@@ -26,6 +26,7 @@ import (
 )
 
 const (
+	loginQuietFlag     = "quiet"
 	sshHostnameFlag    = "hostname"
 	sshDestinationFlag = "destination"
 	sshURLFlag         = "url"
@@ -90,6 +91,13 @@ func Commands() []*cli.Command {
 					Once authenticated with your identity provider, the login command will generate a JSON Web Token (JWT)
 					scoped to your identity, the application you intend to reach, and valid for a session duration set by your
 					administrator. cloudflared stores the token in local storage.`,
+					Flags: []cli.Flag{
+						&cli.BoolFlag{
+							Name:    loginQuietFlag,
+							Aliases: []string{"q"},
+							Usage:   "do not print the jwt to the command line",
+						},
+					},
 				},
 				{
 					Name:   "curl",
@@ -246,6 +254,10 @@ func login(c *cli.Context) error {
 		fmt.Fprintln(os.Stderr, "token for provided application was empty.")
 		return errors.New("empty application token")
 	}
+
+	if c.Bool(loginQuietFlag) {
+		return nil
+	}
 	fmt.Fprintf(os.Stdout, "Successfully fetched your token:\n\n%s\n\n", cfdToken)
 
 	return nil