kubernetes · medyagh · Sep 20, 2023 · Aug 24, 2023 · Aug 31, 2023 · Sep 2, 2023
diff --git a/pkg/minikube/node/config.go b/pkg/minikube/node/config.go
@@ -21,7 +21,9 @@ import (
 	"os"
 	"os/exec"
 	"path/filepath"
+	"regexp"
 	"strconv"
+	"strings"
 	"sync"
 
 	"github.com/spf13/viper"
@@ -39,11 +41,26 @@ import (
 	"k8s.io/minikube/pkg/util/lock"
 )
 
+func maskProxyPassword(v string) string {
+	parts := strings.Split(v, "=")
+	if len(parts) == 2 {
+		key := strings.ToUpper(parts[0])
+		if key == "HTTP_PROXY" || key == "HTTPS_PROXY" {
+			pattern := `//([^:]+):[^\@]+@`
+			regexpPattern := regexp.MustCompile(pattern)
+			value := regexpPattern.ReplaceAllString(parts[1], "//$1:*****@")
+			v = key + "=" + value
+		}
+	}
+	return v
+}
+
 func showVersionInfo(k8sVersion string, cr cruntime.Manager) {
 	version, _ := cr.Version()
 	register.Reg.SetStep(register.PreparingKubernetes)
 	out.Step(cr.Style(), "Preparing Kubernetes {{.k8sVersion}} on {{.runtime}} {{.runtimeVersion}} ...", out.V{"k8sVersion": k8sVersion, "runtime": cr.Name(), "runtimeVersion": version})
 	for _, v := range config.DockerOpt {
+		v = maskProxyPassword(v)
 		out.Infof("opt {{.docker_option}}", out.V{"docker_option": v})
 	}
 	for _, v := range config.DockerEnv {

diff --git a/pkg/minikube/node/config_test.go b/pkg/minikube/node/config_test.go
@@ -0,0 +1,60 @@
+/*
+Copyright 2016 The Kubernetes Authors All rights reserved.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package node
+
+import (
+	"testing"
+)
+
+func Test_maskProxyPassword(t *testing.T) {
+	type dockerOptTest struct {
+		input  string
+		output string
+	}
+	var tests = []dockerOptTest{
+		{
+			input:  "cats",
+			output: "cats",
+		},
+		{
+			input:  "myDockerOption=value",
+			output: "myDockerOption=value",
+		},
+		{
+			input:  "http_proxy=http://myproxy.company.com",
+			output: "HTTP_PROXY=http://myproxy.company.com",
+		},
+		{
+			input:  "https_proxy=http://jdoe@myproxy.company.com:8080",
+			output: "HTTPS_PROXY=http://jdoe@myproxy.company.com:8080",
+		},
+		{
+			input:  "https_proxy=https://mary:am$uT8zB(rP@myproxy.company.com:8080",
+			output: "HTTPS_PROXY=https://mary:*****@myproxy.company.com:8080",
+		},
+		{
+			input:  "http_proxy=http://jdoe:mPu3z9uT#!@myproxy.company.com:8080",
+			output: "HTTP_PROXY=http://jdoe:*****@myproxy.company.com:8080",
+		},
+	}
+	for _, test := range tests {
+		got := maskProxyPassword(test.input)
+		if got != test.output {
+			t.Errorf("maskProxyPassword(\"%v\"): got %v, expected %v", test.input, got, test.output)
+		}
+	}
+}
diff --git a/pkg/minikube/node/start.go b/pkg/minikube/node/start.go
@@ -723,9 +723,15 @@ func validateNetwork(h *host.Host, r command.Runner, imageRepository string) (st
 				out.Styled(style.Internet, "Found network options:")
 				optSeen = true
 			}
+			k = strings.ToUpper(k) // let's get the key right away to mask password from output
+			// If http(s)_proxy contains password, let's not splatter on the screen
+			if k == "HTTP_PROXY" || k == "HTTPS_PROXY" {
+				pattern := `//(\w+):\w+@`
+				regexpPattern := regexp.MustCompile(pattern)
+				v = regexpPattern.ReplaceAllString(v, "//$1:*****@")
+			}
 			out.Infof("{{.key}}={{.value}}", out.V{"key": k, "value": v})
 			ipExcluded := proxy.IsIPExcluded(ip) // Skip warning if minikube ip is already in NO_PROXY
-			k = strings.ToUpper(k)               // for http_proxy & https_proxy
 			if (k == "HTTP_PROXY" || k == "HTTPS_PROXY") && !ipExcluded && !warnedOnce {
 				out.WarningT("You appear to be using a proxy, but your NO_PROXY environment does not include the minikube IP ({{.ip_address}}).", out.V{"ip_address": ip})
 				out.Styled(style.Documentation, "Please see {{.documentation_url}} for more details", out.V{"documentation_url": "https://minikube.sigs.k8s.io/docs/handbook/vpn_and_proxy/"})