Imagine the command output contains sensitive data. One workaround could be writing a bolt task for it and let the task script suppress the output. But I think it's not too much to ask that bolt should handle this case as well (Assuming I didn't misread documentation) Oh no! This doesn't work if you actually need to work with the returned result value. The issue is that it logs the full result and thus including values. Correction: Rules for sensitive data returns in tasks: https://www.puppet.com/docs/bolt/latest/writing_tasks.html#returning-sensitive-data But would still be useful if I could option the

run_command

that the output contains sensitive data