From fd233b2c0abfaa62e4416ac9d789b6d7e97bf1f7 Mon Sep 17 00:00:00 2001
From: DEFERME Bert <bert.deferme@sfpd.fgov.be>
Date: Fri, 5 Aug 2022 17:00:22 +0200
Subject: [PATCH] Fix exposing password for debug mode

---
 manifests/database/postgresql.pp | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/manifests/database/postgresql.pp b/manifests/database/postgresql.pp
index a6b45c529..473ed347b 100644
--- a/manifests/database/postgresql.pp
+++ b/manifests/database/postgresql.pp
@@ -71,9 +71,9 @@
   }
 
   exec { 'update_pgpass':
-    command => "echo ${database_host}:5432:${database_name}:${database_user}:${database_password_unsensitive} >> /root/.pgpass",
+    command => Sensitive("echo ${database_host}:5432:${database_name}:${database_user}:${database_password_unsensitive} >> /root/.pgpass"),
     path    => "/bin:/usr/bin:/usr/local/sbin:/usr/local/bin:${database_path}",
-    unless  => "grep \"${database_host}:5432:${database_name}:${database_user}:${database_password_unsensitive}\" /root/.pgpass",
+    unless  => Sensitive("grep \"${database_host}:5432:${database_name}:${database_user}:${database_password_unsensitive}\" /root/.pgpass"),
     require => File['/root/.pgpass'],
   }