You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@deltaspike.apache.org by "Mark Struberg (JIRA)" <ji...@apache.org> on 2013/06/13 16:32:19 UTC

[jira] [Created] (DELTASPIKE-382) mask out passwords and other credentials

Mark Struberg created DELTASPIKE-382:
----------------------------------------

             Summary: mask out passwords and other credentials
                 Key: DELTASPIKE-382
                 URL: https://issues.apache.org/jira/browse/DELTASPIKE-382
             Project: DeltaSpike
          Issue Type: New Feature
          Components: Configuration
    Affects Versions: 0.4
            Reporter: Mark Struberg
            Assignee: Mark Struberg
             Fix For: 0.5


Our configuration mechanism currently logs all the configured values.
This makes it hard to use it for passwords and stuff.

I suggest we introduce some specific prefix property to configure configs which contain sensitive information.

For the key 'some.random.password' this could look like:

deltaspike_config.mask.some.random.password=true

In the log we would in this case just output the information whether and where we did find some value, but not print the details for all configs which start with all of the configured masks.

I'm not yet sure though how to configure this best. Suggestions appreciated!

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira