Camel outputs sensitive data in logs when log level is set to DEBUG
Issue
- The class org.apache.camel.util.IntrospectionSupport.java logs every property set on a component or an endpoint when the debug log level is turned on, including potentially sensitive data.
For example, if you have a simple route like the one below,
from("sftp://vgohel@IP_ADDRESS/testCamelDir?password=hello").to("log:myLog?showHeaders=true");
then after turning on DEBUG logging for org.apache.camel, either through log4j.properties or by setting the logger category in pax-logging in Karaf, the following line appears in the DEBUG logs:
2018-02-22 12:21:53,586 [DEBUG] [main] org.apache.camel.util.IntrospectionSupport - Configured property: password on bean: with value: hello
The password can be sensitive, so we need to mask it or have a filter that controls how this information is displayed.
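Logs already written at DEBUG level may still contain these values. The following is an added example, not code from Camel or from Red Hat: a small Python scrubber that finds the IntrospectionSupport message format shown above, as well as secrets in endpoint URI query strings, and masks them. The list of sensitive property names, the mask string, and the second and third sample lines are assumptions made for this example.

```python
import re

# Property names treated as secrets (assumed list; extend it per component).
SENSITIVE = re.compile(r"pass(word|phrase)|secret|token|privatekey", re.I)
# The DEBUG message format shown in the log excerpt above.
CONFIGURED = re.compile(r"(Configured property: (?P<name>\S+) on bean: .*?with value: )(?P<value>.*)$")
# key=value pairs inside an endpoint URI query string, e.g. ?password=hello
URI_PARAM = re.compile(r"(?P<sep>[?&])(?P<name>[^=&\s]+)=(?P<value>[^&\s\"']+)")
MASK = "xxxxxx"


def redact_line(line):
    """Return (redacted_line, [names of sensitive properties found])."""
    hits = []

    def mask_configured(m):
        if SENSITIVE.search(m.group("name")):
            hits.append(m.group("name"))
            return m.group(1) + MASK
        return m.group(0)

    def mask_param(m):
        if SENSITIVE.search(m.group("name")):
            hits.append(m.group("name"))
            return f"{m.group('sep')}{m.group('name')}={MASK}"
        return m.group(0)

    line = CONFIGURED.sub(mask_configured, line)
    line = URI_PARAM.sub(mask_param, line)
    return line, hits


def scan(lines):
    """Redact every line; report (line_number, property) for each leak."""
    redacted, findings = [], []
    for number, line in enumerate(lines, start=1):
        clean, hits = redact_line(line.rstrip("\n"))
        redacted.append(clean)
        findings.extend((number, name) for name in hits)
    return redacted, findings


# Constructed sample: the line from this article plus two invented lines.
SAMPLE = [
    "2018-02-22 12:21:53,586 [DEBUG] [main] org.apache.camel.util.IntrospectionSupport - Configured property: password on bean: with value: hello",
    "2018-02-22 12:21:53,587 [DEBUG] [main] org.apache.camel.util.IntrospectionSupport - Configured property: delay on bean: with value: 500",
    "2018-02-22 12:21:53,590 [DEBUG] [main] org.example.Demo - endpoint sftp://vgohel@IP_ADDRESS/testCamelDir?delay=500&password=hello",
]
```

The findings returned by scan() identify which log lines exposed a credential, which is the list of secrets to rotate after scrubbing.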
Environment
- Red Hat JBoss Fuse
- 6.3.x
- Apache Camel
