Federico Mariani created CAMEL-23998:
----------------------------------------

             Summary: Mark sensitive component options with security=secret and 
tag insecure SSL flags
                 Key: CAMEL-23998
                 URL: https://issues.apache.org/jira/browse/CAMEL-23998
             Project: Camel
          Issue Type: Improvement
            Reporter: Federico Mariani
            Assignee: Federico Mariani


Sweep across components to fix missing security metadata on options, so 
sensitive values are masked (JMX, camel-jbang, endpoint URI dumps) and insecure 
flags are visible to the security policy ({{camel.security.*}}).

Sensitive options not marked as secret:
* camel-openai: component-level {{apiKey}}
* camel-huggingface: {{authToken}}
* camel-vertx-http: {{basicAuthPassword}}, {{bearerToken}}, {{proxyPassword}} 
(endpoint + component level)
* camel-servicenow: {{proxyPassword}}
* camel-smpp: {{httpProxyPassword}}
* camel-twitter: {{httpProxyPassword}}
* camel-geocoder: {{proxyAuthPassword}}
* camel-huaweicloud-dms: {{password}}, {{kafkaManagerPassword}}
* camel-weather: {{appid}}, {{geolocationAccessKey}}
* camel-jcr: {{password}}
* camel-wordpress: {{password}}
* camel-whatsapp: {{webhookVerifyToken}} (and migrate {{webhookSecret}} from 
deprecated {{secret=true}} to {{security="secret"}})

Insecure TLS toggles not tagged for the security policy:
* camel-oaipmh: {{ignoreSSLWarnings}} -> {{security="insecure:ssl"}}
* camel-ibm-watsonx-ai: {{verifySsl}} -> {{security="insecure:ssl", 
insecureValue="false"}} (also relabel from advanced to security)

_Filed by Claude Code on behalf of Federico Mariani_



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

Reply via email to