secrets unintentionally printed to cloud-init logs
2 votes, 1 answer, 222 views
The two lines of bash code below pull a secret into a cloud-init script for an Azure VM running RHEL8. But each of the two lines has an unintended side effect of printing the secret into the cloud-init logs for the entire world to see.
**What specifically must be changed in the two lines below in order to prevent them from printing out the secret into the logs?**
```bash
myVar=$(az keyvault secret show --name "mySecretsFile" --vault-name "$VAULT_NAME" --query "value")
echo "$myVar" | base64 --decode --ignore-garbage >>/home/username/somefoldername/keys.yaml
```
The logs for the two above lines look like the following, except that here we have redacted the actual secret for the public forum. In the actual logs, the secret is printed twice:
```
+ myVar='"really-long-alpha-numeric-secret-redacted-for-stack-exchange"'
+ echo '"really-long-alpha-numeric-secret-redacted-for-stack-exchange"'
```
This might be a simple bash question about how to suppress printing of certain types of things in logs.
Asked by CodeMed (5357 rep), Sep 30, 2022, 01:11 AM
Last activity: Oct 2, 2022, 02:28 AM
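The `+ `-prefixed log lines in the question are the form a shell writes under xtrace (`set -x`), which prints every assignment and argument after expansion. The following is an added example, not part of the original post: it contrasts the question's two lines with a pipeline that never holds the secret in a variable and with a wrapper that suspends xtrace. The function names, the stand-in `az` and the `FAKE_B64` value are constructed for illustration, and `--output tsv` is assumed in order to drop the JSON quotes.

```shell
#!/bin/sh
# Added example (not from the original post). Assumes the cloud-init script
# runs with xtrace on, which is what produces the "+ ..." log lines.

# The question's two lines as posted (leaks under xtrace).
# Args for all three functions: vault name, secret name, output file.
leaky() {
  myVar=$(az keyvault secret show --name "$2" --vault-name "$1" --query "value")
  echo "$myVar" | base64 --decode --ignore-garbage >>"$3"
}

# Fix 1: stream az straight into base64. The secret never becomes a variable
# or a command argument, so xtrace has nothing secret to expand.
write_secret() (
  umask 077                               # a newly created file is owner-only
  az keyvault secret show --name "$2" --vault-name "$1" \
     --query value --output tsv |
    base64 --decode --ignore-garbage >>"$3"
)

# Fix 2: when the value must live in a variable, switch xtrace off around
# that code and restore the caller's setting afterwards.
without_xtrace() {
  local wx_on=0
  local wx_rc=0
  case $- in *x*) wx_on=1 ;; esac
  { set +x; } 2>/dev/null                 # also hides the "+ set +x" line
  "$@" || wx_rc=$?
  if [ "$wx_on" -eq 1 ]; then set -x; fi
  return "$wx_rc"
}

# Constructed offline check: trace_of prints the xtrace output produced while
# running "$@" against a stand-in az that emits a made-up base64 value.
FAKE_B64='Y29uc3RydWN0ZWQ='               # constructed: base64 of "constructed"
trace_of() (
  # The stand-in silences its own body; a real az is an external program,
  # so the calling shell never traces its internals.
  az() { { set +x; } 2>/dev/null; printf '%s\n' "$FAKE_B64"; }
  { set -x; "$@"; } 2>&1 >/dev/null
)
```

`trace_of leaky v s /tmp/out` shows the value twice, as in the question's logs, while `trace_of write_secret ...` and `trace_of without_xtrace leaky ...` show only command names and arguments.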