Description
Is your feature request related to a problem? Please describe.
When running elastic-package stack up --provider serverless, the command creates a new serverless project and prints the admin username and password to the console upon completion.
While this is helpful for local development, it poses a significant security risk when running in automated CI/CD environments. CI logs are typically stored and are often accessible to a wider audience, which could lead to the exposure of sensitive credentials.
Example of current log output:
...
Elasticsearch host: https://elastic-package-test-serverless-security-d9de16.es.us-east-1.aws.elastic.cloud
Kibana host: https://elastic-package-test-serverless-security-d9de16.kb.us-east-1.aws.elastic.cloud
Username: admin
Password: Gt5PV31n6MO55yXXXX
...
Even though the environment may be ephemeral based on the CI logic and configuration, there are many cases where the CI may fail and leave the serverless project live with the credentials accessible to the public.
Describe the solution you'd like
I propose the addition of a new flag to the elastic-package stack up command, for example, --ci.
When this flag is present, the command should perform its operations as normal but suppress the Username and Password from being printed to the standard output. The credentials should still be saved to the active profile so that subsequent commands in the CI pipeline (like elastic-package test) can execute successfully.
This would make running elastic-package in a CI context much more secure.
Describe alternatives you've considered
The alternative is to manually filter the log output using shell commands to remove the sensitive lines. However, this approach is cumbersome, error-prone, and not as clean as having a built-in option within the tool itself.
Additional context
This feature is particularly important for teams leveraging CI/CD to test their custom packages against Elastic Serverless, ensuring that security best practices are maintained throughout the development lifecycle.
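The shell-filter alternative mentioned in the issue, sketched as an added example (not part of the original issue and not elastic-package code). It masks only the two line prefixes shown in the sample output above, so any other credential format would pass through unredacted; the function names, sample hosts and sample password are constructed for illustration.

```shell
#!/bin/sh
# Constructed stand-in for the tool's output, mirroring the format quoted in
# the issue. Hosts and password are made-up placeholders, not real values.
sample_stack_up() {
  cat <<'EOF'
Elasticsearch host: https://example-project.es.example.invalid
Kibana host: https://example-project.kb.example.invalid
Username: admin
Password: constructed-secret-123
EOF
}

# Same output, but the command fails (the CI-failure case from the issue).
sample_stack_up_fail() {
  sample_stack_up
  return 3
}

# Replace the value on "Username:" / "Password:" lines; pass other lines through.
redact_credentials() {
  sed -E 's/^([[:space:]]*(Username|Password):[[:space:]]*).*/\1[REDACTED]/'
}

# Run a command with stdout and stderr filtered, and return the command's own
# exit status. A plain pipe would report sed's status and hide a failed run.
run_redacted() {
  exec 4>&1                       # fd 4: where the filtered log should go
  _rc=$(
    {
      { s=0; "$@" 2>&1 || s=$?; echo "$s" >&3; } | redact_credentials >&4
    } 3>&1                        # fd 3: carries the exit status back
  )
  exec 4>&-
  return "$_rc"
}

# In a CI step (command taken from the issue):
#   run_redacted elastic-package stack up --provider serverless
```
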