From 99b8f98a8b354d0d37c4568b9e938df6999a2c0b Mon Sep 17 00:00:00 2001
From: Tanmay Jain <tanmay.jain@hashicorp.com>
Date: Fri, 20 Jun 2025 16:50:07 +0530
Subject: [PATCH] Updating a log to prevent secret leaks

---
 provisioner/powershell/provisioner.go | 11 ++++++++++-
 1 file changed, 10 insertions(+), 1 deletion(-)

diff --git a/provisioner/powershell/provisioner.go b/provisioner/powershell/provisioner.go
index 901707c22..990f13308 100644
--- a/provisioner/powershell/provisioner.go
+++ b/provisioner/powershell/provisioner.go
@@ -535,7 +535,16 @@ func (p *Provisioner) createFlattenedEnvVars(elevated bool) (flattened string) {
 		keyValue := strings.SplitN(envVar, "=", 2)
 		// Escape chars special to PS in each env var value
 		escapedEnvVarValue := psEscape.Replace(keyValue[1])
-		if escapedEnvVarValue != keyValue[1] {
+
+		isSensitive := false
+		for _, sensitiveVar := range p.config.PackerSensitiveVars {
+			if strings.EqualFold(sensitiveVar, keyValue[0]) {
+				isSensitive = true
+				break
+			}
+		}
+
+		if escapedEnvVarValue != keyValue[1] && !isSensitive {
 			log.Printf("Env var %s converted to %s after escaping chars special to PS", keyValue[1],
 				escapedEnvVarValue)
 		}