Anyone realize that the password for the management account is leaked through the console logging?
I’m using the Run distribution in a Docker container.
I’m retrieving the database and ldap passwords from AWS secrets manager and starting camunda with them as parameters (I modified the start.sh to add some AWS CLI commands and am not storing them in the configuration yaml files.)
So in the docker console logs I get a line that looks like this. (Notice the <LEAKING PASSWORD for the managerDN>)
2022-01-03 16:32:16.732 INFO 18 --- [ main] org.camunda.bpm.engine.cfg : ENGINE-12003 Plugin 'CompositeProcessEnginePlugin[genericPropertiesConfiguration, camundaDeploymentConfiguration, camundaProcessEngineConfiguration, camundaDatasourceConfiguration, camundaJobConfiguration, camundaHistoryConfiguration, camundaMetricsConfiguration, camundaAuthorizationConfiguration, failedJobConfiguration, com.nuveen.camunda.ops.plugin.integration.NuvOpsEnginePlugin@46cb98a3, CamundaBpmRunLdapProperty [enabled=true, initialContextFactory=com.sun.jndi.ldap.LdapCtxFactory, securityAuthentication=simple, contextProperties={}, serverUrl=ldaps://<Active Directory LDAP>:636, managerDn=<service account for LDAP Authentication>, managerPassword=<LEAKING PASSWORD for the managerDN>, baseDn=<DN of Active Directory>, userDnPattern=, userSearchBase=, userSearchFilter=(objectclass=person), groupSearchBase=, groupSearchFilter=(objectCategory=group), userIdAttribute=uid, userFirstnameAttribute=givenName, userLastnameAttribute=sn, userEmailAttribute=email, userPasswordAttribute=userpassword, groupIdAttribute=distinguishedName, groupNameAttribute=sAMAccountName, groupTypeAttribute=, groupMemberAttribute=member, sortControlSupported=false, useSsl=true, usePosixGroups=false, allowAnonymousLogin=false, authorizationCheckEnabled=true], eventPublisherPlugin, ApplicationContextClassloaderSwitchPlugin, SpringBootSpinProcessEnginePlugin]' activated on process engine 'default'
Is there any way to turn this log message off? Or change it?
-Doug