From d73b4f2affbf677b3ca46ebbde5d7bc9d05894cb Mon Sep 17 00:00:00 2001
From: Sebastian Reitenbach <sebastia@l00-bugdead-prods.de>
Date: Mon, 14 Mar 2016 14:39:30 +0100
Subject: [PATCH] Do not leak the DB password when overriding environment
 variable NEWPGPASSWD

---
 lib/puppet/provider/postgresql_psql/ruby.rb | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/lib/puppet/provider/postgresql_psql/ruby.rb b/lib/puppet/provider/postgresql_psql/ruby.rb
index 690e437..a2819dc 100644
--- a/lib/puppet/provider/postgresql_psql/ruby.rb
+++ b/lib/puppet/provider/postgresql_psql/ruby.rb
@@ -38,7 +38,11 @@ Puppet::Type.type(:postgresql_psql).provide(:ruby) do
           env_name = $1
           value = $2
           if environment.include?(env_name) || environment.include?(env_name.to_sym)
-            warning "Overriding environment setting '#{env_name}' with '#{value}'"
+            if env_name == 'NEWPGPASSWD'
+              warning "Overriding environment setting '#{env_name}' with '****'"
+            else
+              warning "Overriding environment setting '#{env_name}' with '#{value}'"
+            end
           end
           environment[env_name] = value
         else