Major Description
We are running AMQ Streams 1.4 in OpenShift environment. Currently when the entity operator starts up it is printing the certificate passwords in plain-text, which show up in our logs. This is causing problems with our audits. Both the STRIMZI_KEYSTORE_PASSWORD and STRIMZI_TRUSTSTORE_PASSWORD passwords are being displayed as shown below.
[2020-04-22 14:58:32,701] INFO <Session :58> [main ] Using config:;
STRIMZI_TRUSTSTORE_LOCATION: /tmp/topic-operator/replication.truststore.p12;
STRIMZI_RESOURCE_LABELS: strimzi.io/cluster=admin-systems;
STRIMZI_KAFKA_BOOTSTRAP_SERVERS: admin-systems-kafka-bootstrap:9091;
STRIMZI_NAMESPACE: admin-systems-kafka;
STRIMZI_ZOOKEEPER_SESSION_TIMEOUT_MS: 20000;
STRIMZI_FULL_RECONCILIATION_INTERVAL_MS: 90000;
STRIMZI_ZOOKEEPER_CONNECT: localhost:2181;
STRIMZI_TLS_ENABLED: true;
STRIMZI_KEYSTORE_PASSWORD: plain-text-password-here;
STRIMZI_TOPIC_METADATA_MAX_ATTEMPTS: 6;
STRIMZI_REASSIGN_VERIFY_INTERVAL_MS: 120000;
STRIMZI_KEYSTORE_LOCATION: /tmp/topic-operator/replication.keystore.p12;
TC_ZK_CONNECTION_TIMEOUT_MS: 20000;
STRIMZI_TRUSTSTORE_PASSWORD: plain-text-password-here;
STRIMZI_REASSIGN_THROTTLE: 9223372036854775807;
I looked at the source code for the Session object and it appears that there is no filtering of the configuration information before logging.
https://github.com/strimzi/strimzi-kafka-operator/blob/master/topic-operator/src/main/java/io/strimzi/operator/topic/Session.java
