Comment 2 for bug 1406191

Current enforced policy already make sure only users with admin role can get node detail info, i.e. able to run "node-show". If we just hide the plain text in output, people can still use '--debug' option to get the plain text from the original response from ironic-api server. It's easy to just hide it in api server side, but if we still want to see the plain text in some cases, we'll have to change the API. So a compromised solution would be adding a new config option in ironic.conf to control if sensitive credentials should be hidden in api response.