Anonymize passwords and secrets in com.haulmont.cuba.core.sys.AbstractWebAppContextLoader

Hi,
I’m using CUBA 7.2.

The logger com.haulmont.cuba.core.sys.AbstractWebAppContextLoader allows logging all configuration keys.

It's a cool feature. But the passwords and secrets are then in the logs.

  • cuba.trustedClientPassword
  • cuba.web.ldap.password

  • Could it be possible to anonymise in the log (the.key=**********) all keys that containIgnoreCase words like password, secret?

Regards.

Hi,

For now, it is not possible. You can hide some properties in the UI using @Secret annotations as described here: Using Configuration Interfaces - CUBA Platform. Developer’s Manual, but there is no protection from dumping property values to a log file or console. The logger that you mentioned uses TRACE level to display all properties; do you need such a detailed level in production where it can be stolen?

If you feel that this functionality may be useful, you can submit a feature request to Issues · cuba-platform/cuba · GitHub, and we’ll discuss it with the team.
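
The masking asked for in the question, sketched as an added example that is not part of the thread and is not CUBA Platform code: a stand-alone helper that renders properties as `key=value` lines and replaces the value of any key containing "password" or "secret" (case-insensitive) with a fixed-length mask. The class name `MaskedPropertiesDump`, the marker list, the key `app.oauthClientSecret` and all sample values are assumptions constructed for illustration.

```java
import java.util.Arrays;
import java.util.HashMap;
import java.util.List;
import java.util.Locale;
import java.util.Map;
import java.util.TreeMap;
import java.util.stream.Collectors;

// Hypothetical helper, not a CUBA class: masks sensitive property values before they are logged.
public class MaskedPropertiesDump {

    // Assumed marker words taken from the question; extend to match your own key naming.
    private static final List<String> SENSITIVE_MARKERS = Arrays.asList("password", "secret");

    // Fixed-length mask, so the log does not reveal how long the real value is.
    private static final String MASK = "**********";

    // True when the key contains one of the marker words, ignoring case.
    static boolean isSensitive(String key) {
        String lower = key.toLowerCase(Locale.ROOT);
        return SENSITIVE_MARKERS.stream().anyMatch(lower::contains);
    }

    // Renders key=value lines sorted by key; values of sensitive keys are replaced by MASK.
    static String render(Map<String, String> props) {
        return new TreeMap<>(props).entrySet().stream()
                .map(e -> e.getKey() + "=" + (isSensitive(e.getKey()) ? MASK : e.getValue()))
                .collect(Collectors.joining("\n"));
    }

    public static void main(String[] args) {
        // Constructed sample values; only the first two key names come from the question.
        Map<String, String> props = new HashMap<>();
        props.put("cuba.trustedClientPassword", "constructed-value-1");
        props.put("cuba.web.ldap.password", "constructed-value-2");
        props.put("app.oauthClientSecret", "constructed-value-3"); // hypothetical key
        props.put("cuba.webPort", "8080");

        // Only the masked rendering is handed to the logger or console.
        System.out.println(render(props));
    }
}
```

Matching on key names only catches secrets stored under a recognisable key; a credential embedded in another value, such as a connection URL, would still be printed.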