Does enabling SPACELIFT_SENSITIVE_OUTPUT_UPLOAD_ENABLED expose sensitive values in logs?

No, enabling the SPACELIFT_SENSITIVE_OUTPUT_UPLOAD_ENABLED environment variable does not cause sensitive outputs to be printed in the logs visible in the UI.

What does this setting do?

When you set SPACELIFT_SENSITIVE_OUTPUT_UPLOAD_ENABLED to true, the launcher will upload sensitive run outputs to the Spacelift backend. This allows sensitive outputs to be securely used as stack dependencies.

Security considerations

The sensitive outputs remain protected and are not exposed in plaintext or logs. They are securely uploaded and handled by Spacelift's backend systems while maintaining their confidentiality.

How to enable it

You can enable this feature by setting the environment variable in your worker pool configuration. For more details on worker pool configuration options, see the worker pools documentation.

For complete information about enabling sensitive outputs for stack dependencies, refer to the stack dependencies documentation.