Password displayed as plain String in Camunda dashboard - ensure the display field is encrypted.

[rmathew1011]

The password variable field is displayed as plain String as shown in the attachement - ensure this is encrypted.

William suggestion: Wonder if BPMN has support for secrets?

A spike should be performed to determine if a secrets approach is forthcoming. If not, a secrets style implementation should be made in Mod Camunda.

Some open source solutions to secret management with java integrations are:

• https://www.vaultproject.io/
• https://github.com/lyft/confidant
• https://github.com/bitnami-labs/sealed-secrets
• https://github.com/manifoldco/torus-cli

We can also check with out operations team to see if Rancher, or Azure might be leveraged for this.

[kaladay]

The solution must be designed to be portable to other entities and communities. There should be no in-house solutions.

[kaladay]

The Torus link above references this URL for documentation: https://torus.sh/docs. This URL currently does not resolve for me and this does not bode well for using torus-cli as an option.

[kaladay]

Upgrading to Camunda 8 has some potential:

• https://forum.camunda.io/t/create-password-field-in-task-form/375 (Probably not what we want but is worth mentioning.)
• https://docs.camunda.io/docs/components/console/manage-clusters/manage-secrets/
• https://camunda.com/blog/2022/07/a-technical-sneak-peek-into-camundas-connector-architecture/

The upgrade/migration guide:

• https://docs.camunda.io/docs/guides/migrating-from-camunda-7/
• https://blog.bernd-ruecker.com/moving-from-embedded-to-remote-workflow-engines-8472992cc371?gi=5812e12bf52b
• https://github.com/camunda-community-hub/camunda-platform-7-rest-client-java

[kaladay]

Upgrading to Camunda 8 seems like the best path to take, but has the cost of needing to migrate and upgrade all of our existing workflows as necessary.

see: #223