Sensitive data could still be exposed by variable substitution

Time taken: 0.017 seconds, Fetched 1 row(s)
spark-sql> set ${spark.ssl.keyPassword}
         > ;
abc    <undefined> 

spark-sql> set spark.ssl.keyPassword;
spark.ssl.keyPassword    *********(redacted)
Time taken: 0.009 seconds, Fetched 1 row(s)
spark-sql> select '${spark.ssl.keyPassword}'
         > ;
abc