Federico Mariani created CAMEL-23998:
----------------------------------------
Summary: Mark sensitive component options with security=secret and
tag insecure SSL flags
Key: CAMEL-23998
URL: https://issues.apache.org/jira/browse/CAMEL-23998
Project: Camel
Issue Type: Improvement
Reporter: Federico Mariani
Assignee: Federico Mariani
Sweep across components to fix missing security metadata on options, so
sensitive values are masked (JMX, camel-jbang, endpoint URI dumps) and insecure
flags are visible to the security policy ({{camel.security.*}}).
Sensitive options not marked as secret:
* camel-openai: component-level {{apiKey}}
* camel-huggingface: {{authToken}}
* camel-vertx-http: {{basicAuthPassword}}, {{bearerToken}}, {{proxyPassword}}
(endpoint + component level)
* camel-servicenow: {{proxyPassword}}
* camel-smpp: {{httpProxyPassword}}
* camel-twitter: {{httpProxyPassword}}
* camel-geocoder: {{proxyAuthPassword}}
* camel-huaweicloud-dms: {{password}}, {{kafkaManagerPassword}}
* camel-weather: {{appid}}, {{geolocationAccessKey}}
* camel-jcr: {{password}}
* camel-wordpress: {{password}}
* camel-whatsapp: {{webhookVerifyToken}} (and migrate {{webhookSecret}} from
deprecated {{secret=true}} to {{security="secret"}})
Insecure TLS toggles not tagged for the security policy:
* camel-oaipmh: {{ignoreSSLWarnings}} -> {{security="insecure:ssl"}}
* camel-ibm-watsonx-ai: {{verifySsl}} -> {{security="insecure:ssl",
insecureValue="false"}} (also relabel from advanced to security)
_Filed by Claude Code on behalf of Federico Mariani_
--
This message was sent by Atlassian Jira
(v8.20.10#820010)