Removes the risk of sending decrypted EJSON secrets to output.

lib/kubernetes-deploy/ejson_secret_provisioner.rb

@@ -74,7 +74,7 @@ def prune_managed_secrets
         prune_count += 1
         out, err, st = @kubectl.run("delete", "secret", secret_name)
         @logger.debug(out)
-        raise EjsonSecretError, err unless st.success?
+        raise EjsonSecretError, "Failed to prune secrets" unless st.success?
       end
       @logger.summary.add_action("pruned #{prune_count} #{'secret'.pluralize(prune_count)}") if prune_count > 0
     end
@@ -121,7 +121,7 @@ def create_or_update_secret(secret_name, secret_type, data)
 
       out, err, st = @kubectl.run("apply", "--filename=#{file.path}")
       @logger.debug(out)
-      raise EjsonSecretError, err unless st.success?
+      raise EjsonSecretError, "Failed to create or update secrets" unless st.success?
     ensure
       file&.unlink
     end
@@ -181,7 +181,7 @@ def decrypt_ejson(key_dir)
       raise EjsonSecretError, out_err unless st.success?
       JSON.parse(out_err)
     rescue JSON::ParserError => e
-      raise EjsonSecretError, "Failed to parse decrypted ejson:\n  #{e}"
+      raise EjsonSecretError, "Failed to parse decrypted ejson"
     end
 
     def fetch_private_key_from_secret