From a801e714c4940aa5bf04ee05f8e1924805623977 Mon Sep 17 00:00:00 2001
From: jordanbreen28 <jordan.breen@perforce.com>
Date: Thu, 15 Aug 2024 10:00:18 +0100
Subject: [PATCH] (maint) - add disclaimer for script block logging

This commit adds a warning the readme about the use
of sensitive data with script block logging enabled.
As per microsoft's own recommendation, protected event
logging should also be enabled to encyrpt this data.
---
 README.md | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/README.md b/README.md
index 4cb8a55a..4376fc0c 100644
--- a/README.md
+++ b/README.md
@@ -86,6 +86,10 @@ The following platforms are supported:
 - RedHat
 - Ubuntu
 
+## Limitations
+
+- When PowerShell [Script Block Logging](https://learn.microsoft.com/en-us/powershell/module/microsoft.powershell.core/about/about_logging_windows?view=powershell-7.4#enabling-script-block-logging) is enabled, data marked as sensitive in your manifest may appear in these logs as plain text. It is **highly recommended**, by both Puppet and Microsoft, that you also enable [Protected Event Logging](https://learn.microsoft.com/en-us/powershell/module/microsoft.powershell.core/about/about_logging_windows?view=powershell-7.4#protected-event-logging) alongside this to encrypt the logs to protect this information.
+
 ## License
 
 This codebase is licensed under Apache 2.0. However, the open source dependencies included in this codebase might be subject to other software licenses such as AGPL, GPL2.0, and MIT.