mysql_password (and probably lots of others) is displayed all over the logs when using a single -v

[nazarewk]

Describe the bug

I'm new to pyinfra, trying to rewrite MySQL user management from Ansible, when I try to add some verbosity to understand what is going on (-v flag) I am seeing mysql_password in plain text all over the logs.

mysql is probably not the only place that doesn't sanitize secretd like this.

To Reproduce

Connect to password-protected MySQL database with -v flag.

Expected behavior

I would expect all possibly sensitive information to be masked out from logging, unless (or even when) I use the maximum verbosity. It cloud go as far as using separate flag like --debug-secret to unmask those.

Meta

in pyinfra 2.9.2

@Fizzadar mentioned on Matrix chat:

I see yep, when used as a fact argument, that's a miss in the hiding there

[Fizzadar]

This is unfortunate. A lot of work went into the MaskString and various string command classes, unfortunately fact arguments are bypassing that entirely.