Croway opened a new pull request, #24592: URL: https://github.com/apache/camel/pull/24592
### What Sweep across components fixing missing security metadata on options, so sensitive values are masked (JMX, `camel jbang get`, endpoint URI dumps, logs) and insecure flags are visible to the security policy (`camel.security.*` / `camel.main.profile=prod`). **Options now marked `security = "secret"`:** | Component | Options | |---|---| | camel-openai | `apiKey` (component level) | | camel-huggingface | `authToken` | | camel-vertx-http | `basicAuthPassword`, `bearerToken`, `proxyPassword` (endpoint + component) | | camel-servicenow | `proxyPassword` | | camel-smpp | `httpProxyPassword` | | camel-twitter | `httpProxyPassword` | | camel-geocoder | `proxyAuthPassword` | | camel-huaweicloud-dms | `password`, `kafkaManagerPassword` | | camel-weather | `appid`, `geolocationAccessKey` | | camel-jcr | `password` | | camel-wordpress | `password` | | camel-whatsapp | `webhookVerifyToken` (also migrated `webhookSecret` from the deprecated `secret = true` to `security = "secret"`) | **Insecure TLS toggles now tagged for the security policy:** - camel-oaipmh: `ignoreSSLWarnings` → `security = "insecure:ssl"` - camel-ibm-watsonx-ai: `verifySsl` → `security = "insecure:ssl", insecureValue = "false"` (also relabeled from `advanced` to `security`) All generated files (component JSON metadata, URI factories, catalog `sensitive-keys.json`, `SensitiveUtils`/`SecurityUtils`) regenerated — `basicauthpassword` and `bearertoken` are new entries in the global sensitive-keys registry, and the two SSL toggles are now registered security options. No behavior change beyond masking and security-policy visibility; no new options, no changed defaults. _Claude Code on behalf of Croway_ 🤖 Generated with [Claude Code](https://claude.com/claude-code) -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
