Hi,

I need to write a sed that replaces the value of all environment variables that have PASS in the name with ***** . I have a log file who prints the value of all environment variables ,including those who hold passwords. In the name of these variables I found always the PASS string, ex: OP_ORA_PASS, OP_DSU_PASS,etc.

What I did until now is the next sed :
sed 's/'"$OP_ORA_PASS"'/******/g;s/'"$DSU_ORA_PASS"'/******/g'

I need an improvment so that the sed will check and replace all the variables with PASS in the name,kind of $*_PASS.

Thank you for your help.

Please provide an example of your current logfile; otherwise, we're likely to miss a corner case.

Also, you say you're replacing the values of those variables, but it looks like you're just changing the name to "*****". So an example of ideal output from your logfile snippet would be appreciated, too.

If I understand you right, you are going to add some filter into the print-env-var-script?!
If so, (assuming the environment printed out with variable names) you coud 'sed' for any line with substring 'PASS=' and replase following with '*****': - so, it's remembering as \1 a beggining of a string with 'PASS=' and replace that string with the remembered \1 part and '*****'
The same pipe you can add in command of executing the script; so it will filtering the script's output.

If you do not have the variable's names (seems unbelievable), you can get all *PASS variables into a file or local variables and filtering printout in the way you already have, using retrieved values.

. (By the way, having a variables in sed-command part it is better to use:
... sed "commands" file
. ( - IMHO) )

For local variable: (I've used '*NAME' variables)
For file:

Thank you Alex for the examples, its exactly what I needed.
I used sed 's/^\(.*PASS=\).*/\1*****/' and it did the job.
Can you explain me what this sed contains? Or maybe give a link to read? I need to make an adaptation of it and I need to know more.
I have the following line in the log :

ORA_CONNECT_STRING=username value/password

The username name is taken from the $USERNAME variable.

How do I write the sed to change the password to *****?
sed 's/^\(.*CONNECT_STRING='"$USERNAME"'/\).*/\1*****/'
Is that correct ?

Worth noting that the scripts, as listed, will fail to (always, fully) protect a password containing the string "PASS=".

To fix that issue, I'd go with:

Thank you Dan for your help.

I have another problem to resolve involving sed:
In the log I have the following line :

+ sqlplus -S env10/env10pass@DBL9

I put :

s/^\(.*+ sqlplus -S '"$ORA_USER"'\).*/\1\/\*******@'"$DB_NAME"'/


env10 is the value of $ORA_USER. Unfortunely this variable is an application-related one, and does not exist anymore when I execute the sed(after the log is writen). Because of this I get the following result :

+ sqlplus -s /****@DBL9

Thats because $ORA_USER is empty....



What I need is a sed that looks up the string :
+ sqlplus -S ,skips the rest until the / and then changes the string between the / and @ with *****

Thank you all for the help !

Assuming your desired output is:

+ sqlplus -s env10/****@DBL9

you can try this: