quipucords · infinitewarp · Dec 17, 2024 · Sep 24, 2024 · Dec 16, 2024 · Dec 16, 2024
diff --git a/docs/_build/QPC_VAR_PROGRAM_NAME.1 b/docs/_build/QPC_VAR_PROGRAM_NAME.1
@@ -152,7 +152,7 @@ When a scan runs, it uses a source that contains information such as the host na
 .sp
 To create a credential, supply the type of credential and supply SSH credentials as either a username\-password pair, a username\-key pair, or an access token. The QPC_VAR_PROJECT tool stores each set of credentials in a separate credential entry.
 .sp
-\fBQPC_VAR_PROGRAM_NAME cred add \-\-name=\fP \fIname\fP \fB\-\-type=\fP \fI(network | vcenter | satellite | openshift | rhacs | ansible)\fP \fB\-\-username=\fP \fIusername\fP \fB(\-\-password | \-\-sshkeyfile=\fP \fIkey_file\fP | \-\-sshkey**)** \fB[\-\-sshpassphrase]\fP \fB\-\-become\-method=\fP \fI(sudo | su | pbrun | pfexec | doas | dzdo | ksu | runas )\fP \fB\-\-become\-user=\fP \fIuser\fP \fB[\-\-become\-password]\fP \fB[\-\-token]\fP
+\fBQPC_VAR_PROGRAM_NAME cred add \-\-name=\fP \fIname\fP \fB\-\-type=\fP \fI(network | vcenter | satellite | openshift | rhacs | ansible)\fP \fB\-\-username=\fP \fIusername\fP \fB(\-\-password | \-\-sshkey\fP)** \fB[\-\-sshpassphrase]\fP \fB\-\-become\-method=\fP \fI(sudo | su | pbrun | pfexec | doas | dzdo | ksu | runas )\fP \fB\-\-become\-user=\fP \fIuser\fP \fB[\-\-become\-password]\fP \fB[\-\-token]\fP
 .sp
 \fB\-\-name=name\fP
 .INDENT 0.0
@@ -178,28 +178,21 @@ Required for both password and SSH key authentication. Sets the username of the
 \fB\-\-password\fP
 .INDENT 0.0
 .INDENT 3.5
-Prompts for the password for the \fB\-\-username\fP identity. Mutually exclusive with the \fB\-\-sshkeyfile\fP, \fB\-\-sshkey\fP and \fB\-\-token\fP options.
-.UNINDENT
-.UNINDENT
-.sp
-\fB\-\-sshkeyfile=key_file\fP
-.INDENT 0.0
-.INDENT 3.5
-Sets the path of the file that contains the private SSH key for the \fB\-\-username\fP identity. Mutually exclusive with the \fB\-\-password\fP, \fB\-\-ssh\-key\fP and \fB\-\-token\fP options.
+Prompts for the password for the \fB\-\-username\fP identity. Mutually exclusive with the \fB\-\-sshkey\fP and \fB\-\-token\fP options.
 .UNINDENT
 .UNINDENT
 .sp
 \fB\-\-sshkey\fP
 .INDENT 0.0
 .INDENT 3.5
-Prompts for the private SSH key for the \fB\-\-username\fP identity. Mutually exclusive with the \fB\-\-password\fP, \fB\-\-token\fP and \fB\-\-sshkeyfile\fP options.
+Prompts for the private SSH key for the \fB\-\-username\fP identity. Mutually exclusive with the \fB\-\-password\fP and \fB\-\-token\fP options.
 .UNINDENT
 .UNINDENT
 .sp
 \fB\-\-sshpassphrase\fP
 .INDENT 0.0
 .INDENT 3.5
-Prompts for the passphrase to be used when connecting with an SSH keyfile or SSH key that requires a passphrase. Can only be used with the \fB\-\-sshkeyfile\fP or \fB\-\-sshkey\fP option.
+Prompts for the passphrase to be used when connecting with an SSH key that requires a passphrase. Can only be used with the \fB\-\-sshkey\fP option.
 .UNINDENT
 .UNINDENT
 .sp
@@ -227,16 +220,16 @@ Prompts for the privilege escalation password to be used when running a network
 \fB\-\-token\fP
 .INDENT 0.0
 .INDENT 3.5
-Prompts for the access token for authentication. Mutually exclusive with the \fB\-\-sshkeyfile\fP, \fB\-\-sshkey\fP and \fB\-\-password\fP options.
+Prompts for the access token for authentication. Mutually exclusive with the \fB\-\-sshkey\fP and \fB\-\-password\fP options.
 .UNINDENT
 .UNINDENT
 .sp
 The information in a credential might change, including passwords, become passwords, SSH keys, the become_method, tokens or even the username. For example, your local security policies might require you to change passwords periodically. Use the \fBQPC_VAR_PROGRAM_NAME cred edit\fP command to change credential information. The parameters for \fBQPC_VAR_PROGRAM_NAME cred edit\fP are the same as those for \fBQPC_VAR_PROGRAM_NAME cred add\fP\&.
 .sp
-\fBQPC_VAR_PROGRAM_NAME cred edit \-\-name=\fP \fIname\fP \fB\-\-username=\fP \fIusername\fP \fB(\-\-password | \-\-sshkeyfile=\fP \fIkey_file\fP | \-\-sshkey \fB)\fP \fB[\-\-sshpassphrase]\fP \fB\-\-become\-method=\fP \fI(sudo | su | pbrun | pfexec | doas | dzdo | ksu | runas )\fP \fB\-\-become\-user=\fP \fIuser\fP \fB[\-\-become\-password]\fP \fB[\-\-token]\fP
+\fBQPC_VAR_PROGRAM_NAME cred edit \-\-name=\fP \fIname\fP \fB\-\-username=\fP \fIusername\fP \fB(\-\-password | \-\-sshkey **)\fP \fB[\-\-sshpassphrase]\fP \fB\-\-become\-method=\fP \fI(sudo | su | pbrun | pfexec | doas | dzdo | ksu | runas )\fP \fB\-\-become\-user=\fP \fIuser\fP \fB[\-\-become\-password]\fP \fB[\-\-token]\fP
 .SS Listing and Showing Credentials
 .sp
-The \fBQPC_VAR_PROGRAM_NAME cred list\fP command returns the details for every credential that is configured for QPC_VAR_PROJECT. This output includes the name, username, password, SSH keyfile, sudo password, or token (if applicable) for each entry. Passwords and tokens are masked if provided, if not, they will appear as \fBnull\fP\&.
+The \fBQPC_VAR_PROGRAM_NAME cred list\fP command returns the details for every credential that is configured for QPC_VAR_PROJECT. This output includes the name and username for each entry. Secret values such as passwords and tokens are never displated in the output.
 .sp
 \fBQPC_VAR_PROGRAM_NAME cred list \-\-type=\fP \fI(network | vcenter | satellite | openshift | rhacs | ansible)\fP
 .sp
@@ -606,7 +599,7 @@ Use the \fBQPC_VAR_PROGRAM_NAME report\fP command to retrieve a report from a sc
 .sp
 The \fBQPC_VAR_PROGRAM_NAME report details\fP command retrieves a detailed report that contains the unprocessed facts that are gathered during a scan. These facts are the raw output from Network, vCenter, Satellite, Openshift, Red Hat Advanced Cluster Security and Ansible scans, as applicable.
 .sp
-\fBQPC_VAR_PROGRAM_NAME report details (\-\-scan\-job\fP \fIscan_job_identifier\fP \fB|\fP \fB\-\-report\fP \fIreport_identifier\fP \fB)\fP \fB(\-\-json|\-\-csv)\fP \fB\-\-output\-file\fP \fIpath\fP \fB[\-\-mask]\fP
+\fBQPC_VAR_PROGRAM_NAME report details (\-\-scan\-job\fP \fIscan_job_identifier\fP \fB|\fP \fB\-\-report\fP \fIreport_identifier\fP \fB)\fP \fB(\-\-json|\-\-csv)\fP \fB\-\-output\-file\fP \fIpath\fP
 .sp
 \fB\-\-scan\-job=scan_job_identifier\fP
 .INDENT 0.0
@@ -642,20 +635,13 @@ Displays the results of the report in CSV format. Mutually exclusive with the \f
 Optional. Sets the path to a file location where the report data is saved. The file extension must be \fB\&.json\fP for the JSON report or \fB\&.csv\fP for the CSV report. When the field is not provided and \fI\-\-json\fP specified, a JSON report will be generated to stdout.
 .UNINDENT
 .UNINDENT
-.sp
-\fB\-\-mask\fP
-.INDENT 0.0
-.INDENT 3.5
-Displays the results of the report with sensitive data masked by a hash.
-.UNINDENT
-.UNINDENT
 .SS Viewing the Deployments Report
 .sp
 The \fBQPC_VAR_PROGRAM_NAME report deployments\fP command retrieves a report that contains the processed fingerprints from a scan. A \fIfingerprint\fP is the set of system, product, and entitlement facts for a particular physical or virtual machine. A processed fingerprint results from a procedure that merges facts from various sources, and, when possible, deduplicates redundant systems.
 .sp
 For example, the raw facts of a scan that includes both Network and vCenter sources could show two instances of a machine, indicated by an identical MAC address. The deployments report results in a deduplicated and merged fingerprint that shows both the Network and vCenter facts for that machine as a single set.
 .sp
-\fBQPC_VAR_PROGRAM_NAME report deployments (\-\-scan\-job\fP \fIscan_job_identifier\fP \fB|\fP \fB\-\-report\fP \fIreport_identifier\fP \fB)\fP \fB(\-\-json|\-\-csv)\fP \fB\-\-output\-file\fP \fIpath\fP \fB[\-\-mask]\fP
+\fBQPC_VAR_PROGRAM_NAME report deployments (\-\-scan\-job\fP \fIscan_job_identifier\fP \fB|\fP \fB\-\-report\fP \fIreport_identifier\fP \fB)\fP \fB(\-\-json|\-\-csv)\fP \fB\-\-output\-file\fP \fIpath\fP
 .sp
 \fB\-\-scan\-job=scan_job_identifier\fP
 .INDENT 0.0
@@ -691,13 +677,6 @@ Displays the results of the report in CSV format. Mutually exclusive with the \f
 Optional. Sets the path to a file location where the report data is saved. The file extension must be \fB\&.json\fP for the JSON report or \fB\&.csv\fP for the CSV report. When the field is not provided and \fI\-\-json\fP specified, a JSON report will be generated to stdout.
 .UNINDENT
 .UNINDENT
-.sp
-\fB\-\-mask\fP
-.INDENT 0.0
-.INDENT 3.5
-Displays the results of the report with sensitive data masked by a hash.
-.UNINDENT
-.UNINDENT
 .SS Viewing the Insights Report
 .sp
 The \fBQPC_VAR_PROGRAM_NAME report insights\fP command retrieves a report that contains the hosts to be uploaded to the subscription insights service. A \fIhost\fP is the set of system, product, and entitlement facts for a particular physical or virtual machine.
@@ -728,7 +707,7 @@ Optional. Sets the path to a file location where the report data is saved. The f
 .sp
 The \fBQPC_VAR_PROGRAM_NAME report download\fP command downloads a set of reports, identified either by scan job identifer or report identifier, as a TAR.GZ file.  The report TAR.GZ file contains the details and deployments reports in both their JSON and CSV formats.
 .sp
-\fBQPC_VAR_PROGRAM_NAME report download (\-\-scan\-job\fP \fIscan_job_identifier\fP \fB|\fP \fB\-\-report\fP \fIreport_identifier\fP \fB)\fP \fB\-\-output\-file\fP \fIpath\fP \fB[\-\-mask]\fP
+\fBQPC_VAR_PROGRAM_NAME report download (\-\-scan\-job\fP \fIscan_job_identifier\fP \fB|\fP \fB\-\-report\fP \fIreport_identifier\fP \fB)\fP \fB\-\-output\-file\fP \fIpath\fP
 .sp
 \fB\-\-scan\-job=scan_job_identifier\fP
 .INDENT 0.0
@@ -750,13 +729,6 @@ Contains the report identifier to use to download the reports. Mutually exclusiv
 Required. Sets the path to a file location where the report data is saved. The file extension must be \fB\&.tar.gz\fP\&.
 .UNINDENT
 .UNINDENT
-.sp
-\fB\-\-mask\fP
-.INDENT 0.0
-.INDENT 3.5
-Download the reports with sensitive data masked by a hash.
-.UNINDENT
-.UNINDENT
 .SS Merging Scan Job Results
 .sp
 The \fBQPC_VAR_PROGRAM_NAME report merge\fP command merges report data and returns the report identifier of the merged report. You can use this report identifier and the \fBQPC_VAR_PROGRAM_NAME report\fP command with the \fBdetails\fP or \fBdeployments\fP subcommands to retrieve a report from the merged results.
@@ -913,14 +885,6 @@ Creating a new network type credential with a password
 .sp
 \fBQPC_VAR_PROGRAM_NAME cred add \-\-name net_cred \-\-type network \-\-username QPC_VAR_PROGRAM_NAME_user \-\-password\fP
 .IP \(bu 2
-Creating a new network type credential with a keyfile
-.sp
-\fBQPC_VAR_PROGRAM_NAME cred add \-\-name net_cred2 \-\-type network \-\-username QPC_VAR_PROGRAM_NAME_user \-\-sshkeyfile /etc/ssh/ssh_host_rsa_key\fP
-.IP \(bu 2
-Creating a new network type credential with a keyfile requiring a passphrase
-.sp
-\fBQPC_VAR_PROGRAM_NAME cred add \-\-name net_cred3 \-\-type network \-\-username QPC_VAR_PROGRAM_NAME_user \-\-sshkeyfile /etc/ssh/ssh_host_rsa_key \-\-sshpassphrase\fP
-.IP \(bu 2
 Creating a new network type credential with an SSH key
 .sp
 \fBQPC_VAR_PROGRAM_NAME cred add \-\-name net_cred4 \-\-type network \-\-username QPC_VAR_PROGRAM_NAME_user \-\-sshkey\fP

diff --git a/docs/_build/man-qpc.rst b/docs/_build/man-qpc.rst
@@ -134,7 +134,7 @@ Creating and Editing Credentials
 
 To create a credential, supply the type of credential and supply SSH credentials as either a username-password pair, a username-key pair, or an access token. The Quipucords tool stores each set of credentials in a separate credential entry.
 
-**qpc cred add --name=** *name* **--type=** *(network | vcenter | satellite | openshift | rhacs | ansible)* **--username=** *username* **(--password | --sshkeyfile=** *key_file* | --sshkey**)** **[--sshpassphrase]** **--become-method=** *(sudo | su | pbrun | pfexec | doas | dzdo | ksu | runas )* **--become-user=** *user* **[--become-password]** **[--token]**
+**qpc cred add --name=** *name* **--type=** *(network | vcenter | satellite | openshift | rhacs | ansible)* **--username=** *username* **(--password | --sshkey**)** **[--sshpassphrase]** **--become-method=** *(sudo | su | pbrun | pfexec | doas | dzdo | ksu | runas )* **--become-user=** *user* **[--become-password]** **[--token]**
 
 ``--name=name``
 
@@ -150,19 +150,15 @@ To create a credential, supply the type of credential and supply SSH credentials
 
 ``--password``
 
-  Prompts for the password for the ``--username`` identity. Mutually exclusive with the ``--sshkeyfile``, ``--sshkey`` and ``--token`` options.
-
-``--sshkeyfile=key_file``
-
-  Sets the path of the file that contains the private SSH key for the ``--username`` identity. Mutually exclusive with the ``--password``, ``--ssh-key`` and ``--token`` options.
+  Prompts for the password for the ``--username`` identity. Mutually exclusive with the ``--sshkey`` and ``--token`` options.
 
 ``--sshkey``
 
-  Prompts for the private SSH key for the ``--username`` identity. Mutually exclusive with the ``--password``, ``--token`` and ``--sshkeyfile`` options.
+  Prompts for the private SSH key for the ``--username`` identity. Mutually exclusive with the ``--password`` and ``--token`` options.
 
 ``--sshpassphrase``
 
-  Prompts for the passphrase to be used when connecting with an SSH keyfile or SSH key that requires a passphrase. Can only be used with the ``--sshkeyfile`` or ``--sshkey`` option.
+  Prompts for the passphrase to be used when connecting with an SSH key that requires a passphrase. Can only be used with the ``--sshkey`` option.
 
 ``--become-method=become_method``
 
@@ -178,16 +174,16 @@ To create a credential, supply the type of credential and supply SSH credentials
 
 ``--token``
 
-  Prompts for the access token for authentication. Mutually exclusive with the ``--sshkeyfile``, ``--sshkey`` and ``--password`` options.
+  Prompts for the access token for authentication. Mutually exclusive with the ``--sshkey`` and ``--password`` options.
 
 The information in a credential might change, including passwords, become passwords, SSH keys, the become_method, tokens or even the username. For example, your local security policies might require you to change passwords periodically. Use the ``qpc cred edit`` command to change credential information. The parameters for ``qpc cred edit`` are the same as those for ``qpc cred add``.
 
-**qpc cred edit --name=** *name* **--username=** *username* **(--password | --sshkeyfile=** *key_file* | --sshkey **)** **[--sshpassphrase]** **--become-method=** *(sudo | su | pbrun | pfexec | doas | dzdo | ksu | runas )* **--become-user=** *user* **[--become-password]** **[--token]**
+**qpc cred edit --name=** *name* **--username=** *username* **(--password | --sshkey **)** **[--sshpassphrase]** **--become-method=** *(sudo | su | pbrun | pfexec | doas | dzdo | ksu | runas )* **--become-user=** *user* **[--become-password]** **[--token]**
 
 Listing and Showing Credentials
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
-The ``qpc cred list`` command returns the details for every credential that is configured for Quipucords. This output includes the name, username, password, SSH keyfile, sudo password, or token (if applicable) for each entry. Passwords and tokens are masked if provided, if not, they will appear as ``null``.
+The ``qpc cred list`` command returns the details for every credential that is configured for Quipucords. This output includes the name and username for each entry. Secret values such as passwords and tokens are never displated in the output.
 
 **qpc cred list --type=** *(network | vcenter | satellite | openshift | rhacs | ansible)*
 
@@ -494,7 +490,7 @@ Viewing the Details Report
 
 The ``qpc report details`` command retrieves a detailed report that contains the unprocessed facts that are gathered during a scan. These facts are the raw output from Network, vCenter, Satellite, Openshift, Red Hat Advanced Cluster Security and Ansible scans, as applicable.
 
-**qpc report details (--scan-job** *scan_job_identifier* **|** **--report** *report_identifier* **)** **(--json|--csv)** **--output-file** *path* **[--mask]**
+**qpc report details (--scan-job** *scan_job_identifier* **|** **--report** *report_identifier* **)** **(--json|--csv)** **--output-file** *path*
 
 ``--scan-job=scan_job_identifier``
 
@@ -516,18 +512,14 @@ The ``qpc report details`` command retrieves a detailed report that contains the
 
   Optional. Sets the path to a file location where the report data is saved. The file extension must be ``.json`` for the JSON report or ``.csv`` for the CSV report. When the field is not provided and `--json` specified, a JSON report will be generated to stdout.
 
-``--mask``
-
-  Displays the results of the report with sensitive data masked by a hash.
-
 Viewing the Deployments Report
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 The ``qpc report deployments`` command retrieves a report that contains the processed fingerprints from a scan. A *fingerprint* is the set of system, product, and entitlement facts for a particular physical or virtual machine. A processed fingerprint results from a procedure that merges facts from various sources, and, when possible, deduplicates redundant systems.
 
 For example, the raw facts of a scan that includes both Network and vCenter sources could show two instances of a machine, indicated by an identical MAC address. The deployments report results in a deduplicated and merged fingerprint that shows both the Network and vCenter facts for that machine as a single set.
 
-**qpc report deployments (--scan-job** *scan_job_identifier* **|** **--report** *report_identifier* **)** **(--json|--csv)** **--output-file** *path* **[--mask]**
+**qpc report deployments (--scan-job** *scan_job_identifier* **|** **--report** *report_identifier* **)** **(--json|--csv)** **--output-file** *path*
 
 ``--scan-job=scan_job_identifier``
 
@@ -549,10 +541,6 @@ For example, the raw facts of a scan that includes both Network and vCenter sour
 
   Optional. Sets the path to a file location where the report data is saved. The file extension must be ``.json`` for the JSON report or ``.csv`` for the CSV report. When the field is not provided and `--json` specified, a JSON report will be generated to stdout.
 
-``--mask``
-
-  Displays the results of the report with sensitive data masked by a hash.
-
 Viewing the Insights Report
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
@@ -578,7 +566,7 @@ Downloading Reports
 
 The ``qpc report download`` command downloads a set of reports, identified either by scan job identifer or report identifier, as a TAR.GZ file.  The report TAR.GZ file contains the details and deployments reports in both their JSON and CSV formats.
 
-**qpc report download (--scan-job** *scan_job_identifier* **|** **--report** *report_identifier* **)** **--output-file** *path* **[--mask]**
+**qpc report download (--scan-job** *scan_job_identifier* **|** **--report** *report_identifier* **)** **--output-file** *path*
 
 ``--scan-job=scan_job_identifier``
 
@@ -592,10 +580,6 @@ The ``qpc report download`` command downloads a set of reports, identified eithe
 
   Required. Sets the path to a file location where the report data is saved. The file extension must be ``.tar.gz``.
 
-``--mask``
-
-  Download the reports with sensitive data masked by a hash.
-
 Merging Scan Job Results
 ~~~~~~~~~~~~~~~~~~~~~~~~
 
@@ -720,14 +704,6 @@ Examples
 
   ``qpc cred add --name net_cred --type network --username qpc_user --password``
 
-* Creating a new network type credential with a keyfile
-
-  ``qpc cred add --name net_cred2 --type network --username qpc_user --sshkeyfile /etc/ssh/ssh_host_rsa_key``
-
-* Creating a new network type credential with a keyfile requiring a passphrase
-
-  ``qpc cred add --name net_cred3 --type network --username qpc_user --sshkeyfile /etc/ssh/ssh_host_rsa_key --sshpassphrase``
-
 * Creating a new network type credential with an SSH key
 
   ``qpc cred add --name net_cred4 --type network --username qpc_user --sshkey``