John McCabe created BROOKLYN-269: ------------------------------------ Summary: Sensitive external values exposed in debug logs when using external config supplier Key: BROOKLYN-269 URL: https://issues.apache.org/jira/browse/BROOKLYN-269 Project: Brooklyn Issue Type: Bug Affects Versions: 0.10.0 Reporter: John McCabe
Passwords etc are exposed in debug logs when using an external config supplied, in this case {{org.apache.brooklyn.core.config.external.InPlaceExternalConfigSupplier}} {code} password: $brooklyn:external("my-credentials", "supersecretpassword") {code} {code} 2016-05-18 07:51:27,979 DEBUG o.a.b.c.b.s.d.BrooklynDslDeferredSupplier [brooklyn-execmanager-ajTGRUqW-212]: Resolved supersecretpassword from $brooklyn:external("my-credentials", "password") {code} -- This message was sent by Atlassian JIRA (v6.3.4#6332)