[CAM-9710] Sensitive data logged on engine start

Type: Task
Resolution: Done
Priority: L3 - Default
Fix Version/s: spring-boot 3.3.0, spring-boot 3.3.0-alpha1
Affects Version/s: None
Component/s: spring-boot
Labels:
None

Start spring boot starter with configured admin user. The following log level is set by default: org.camunda.bpm.engine.cfg=INFO
You can see the following trace is the output:

2019-02-04 11:56:48.962  INFO 14520 --- [           main] org.camunda.bpm.engine.cfg               : ENGINE-12003 Plugin 'CompositeProcessEnginePlugin[genericPropertiesConfiguration, camundaProcessEngineConfiguration, camundaDatasourceConfiguration, camundaJobConfiguration, camundaHistoryConfiguration, camundaMetricsConfiguration, camundaAuthorizationConfiguration, CreateAdminUserConfiguration[adminUser=AdminUserProperty[id=kermit, firstName=Kermit, lastName=Kermit, email=kermit@localhost, password=demodemo]], enterLicenseKeyConfiguration, failedJobConfiguration, CreateFilterConfiguration[filterName=All], disableDeploymentResourcePattern]' activated on process engine 'default'

We should consider to do not print the sensitive data in this output.

Hint:
https://github.com/camunda/camunda-bpm-spring-boot-starter/blob/master/starter/src/main/java/org/camunda/bpm/spring/boot/starter/property/AdminUserProperty.java#L100

This is the controller panel for Smart Panels app

Yana Vasileva created issue - 04/Feb/19 12:01 PM

Thorben Lindhauer made changes - 04/Feb/19 12:51 PM

Fix Version/s

New: 7.11.0 [ 15343 ]

Thorben Lindhauer made changes - 14/Feb/19 2:55 PM

Workflow

Original: camunda BPM [ 54764 ]

New: Backup_camunda BPM [ 56661 ]

Thorben Lindhauer made changes - 18/Apr/19 10:17 AM

Fix Version/s		New: spring-boot 3.3.0 [ 15359 ]
Fix Version/s	Original: 7.11.0 [ 15343 ]

Thorben Lindhauer made changes - 18/Apr/19 3:40 PM

Assignee

New: Nikola Koevski [ nikola.koevski ]

Nikola Koevski made changes - 18/Apr/19 5:00 PM

Rank

New: Ranked lower

Nikola Koevski made changes - 23/Apr/19 4:01 PM

Status

Original: Open [ 1 ]

New: In Progress [ 3 ]

Nikola Koevski added a comment - 24/Apr/19 10:43 AM

Note for the reviewer:

Decided to still print the password property but with a static value ****** so that users are aware that it exists in the AdminUserPropery class.

Nikola Koevski added a comment - 24/Apr/19 10:43 AM Note for the reviewer: Decided to still print the password property but with a static value ****** so that users are aware that it exists in the AdminUserPropery class.

Nikola Koevski made changes - 24/Apr/19 10:43 AM

Assignee	Original: Nikola Koevski [ nikola.koevski ]	New: Miklas Boskamp [ miklas.boskamp ]
Resolution		New: Done [ 10000 ]
Status	Original: In Progress [ 3 ]	New: Resolved [ 5 ]
Remaining Estimate		New: 0 minutes [ 0 ]
Original Estimate		New: 0 minutes [ 0 ]

Miklas Boskamp made changes - 24/Apr/19 4:16 PM

Status

Original: Resolved [ 5 ]

New: Closed [ 6 ]

Assignee:: Miklas Boskamp

Reporter:: Yana Vasileva

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Created:: 04/Feb/19 12:01 PM

Updated:: 18/Nov/19 10:47 AM

Resolved:: 24/Apr/19 10:43 AM

camunda BPM

Details

Description

mgm-controller-panel

This is the controller panel for Smart Panels app

Attachments

Activity

Collapse comment: Nikola Koevski added a comment - 24/Apr/19 10:43 AM

Expand comment: Nikola Koevski added a comment - 24/Apr/19 10:43 AM

People

Dates

Salesforce