[ 
https://issues.apache.org/jira/browse/CAMEL-23998?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Work on CAMEL-23998 started by Federico Mariani.
------------------------------------------------
> Mark sensitive component options with security=secret and tag insecure SSL 
> flags
> --------------------------------------------------------------------------------
>
>                 Key: CAMEL-23998
>                 URL: https://issues.apache.org/jira/browse/CAMEL-23998
>             Project: Camel
>          Issue Type: Improvement
>            Reporter: Federico Mariani
>            Assignee: Federico Mariani
>            Priority: Major
>
> Sweep across components to fix missing security metadata on options, so 
> sensitive values are masked (JMX, camel-jbang, endpoint URI dumps) and 
> insecure flags are visible to the security policy ({{camel.security.*}}).
> Sensitive options not marked as secret:
> * camel-openai: component-level {{apiKey}}
> * camel-huggingface: {{authToken}}
> * camel-vertx-http: {{basicAuthPassword}}, {{bearerToken}}, {{proxyPassword}} 
> (endpoint + component level)
> * camel-servicenow: {{proxyPassword}}
> * camel-smpp: {{httpProxyPassword}}
> * camel-twitter: {{httpProxyPassword}}
> * camel-geocoder: {{proxyAuthPassword}}
> * camel-huaweicloud-dms: {{password}}, {{kafkaManagerPassword}}
> * camel-weather: {{appid}}, {{geolocationAccessKey}}
> * camel-jcr: {{password}}
> * camel-wordpress: {{password}}
> * camel-whatsapp: {{webhookVerifyToken}} (and migrate {{webhookSecret}} from 
> deprecated {{secret=true}} to {{security="secret"}})
> Insecure TLS toggles not tagged for the security policy:
> * camel-oaipmh: {{ignoreSSLWarnings}} -> {{security="insecure:ssl"}}
> * camel-ibm-watsonx-ai: {{verifySsl}} -> {{security="insecure:ssl", 
> insecureValue="false"}} (also relabel from advanced to security)
> _Filed by Claude Code on behalf of Federico Mariani_



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

Reply via email to