You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
With addition of config-vault module we started to support secured properties. There are places in the library where name and value of config property are exposed: config_listener, jmx exposer, http_server and plain log occurences. It's bad idea to show plain decrypted prop value in the log while keep it encrypted in Vault.
In this ticket.
Get rid of places where pconfig property values are exposed. This includes: audit log entires. plain library debug log entries, http server must not expose prop values, jmx shoulnd't expose prop values.
The text was updated successfully, but these errors were encountered:
With addition of
config-vaultmodule we started to support secured properties. There are places in the library where name and value of config property are exposed: config_listener, jmx exposer, http_server and plain log occurences. It's bad idea to show plain decrypted prop value in the log while keep it encrypted in Vault.In this ticket.
Get rid of places where pconfig property values are exposed. This includes: audit log entires. plain library debug log entries, http server must not expose prop values, jmx shoulnd't expose prop values.
The text was updated successfully, but these errors were encountered: