It turns out that we have some sensitive info in the kafka configurations (both audit and notifications) and I think we should use a similar approach for that. The specific field with the connection info in this case is the saslJaasConfig, although only a small part of that is actually sensitive.
For our 0.1.0 we introduced support for passing sensitive info like passwords via helm secrets (documented in https://github.com/Alvearie/alvearie-helm/pull/25/files) as opposed to hardcoding them or forcing users.
It turns out that we have some sensitive info in the kafka configurations (both audit and notifications) and I think we should use a similar approach for that. The specific field with the connection info in this case is the saslJaasConfig, although only a small part of that is actually sensitive.