Open de-jcup opened 2 weeks ago
(This is related to #3223 ) but here we only focus on the security part.
We do not want to have the possibility that any tool on the SecHub machine would accidently store any sensitive data by event logs.
Sensitive information may be not be defined with something else than environment variables
Sensitive information are
spring.datasource.password
sechub.initialadmin.userid
sechub.initialadmin.email
sechub.storage.*
Situation
(This is related to #3223 ) but here we only focus on the security part.
We do not want to have the possibility that any tool on the SecHub machine would accidently store any sensitive data by event logs.
Wanted
Sensitive information may be not be defined with something else than environment variables
Solution
SecHub Solution
Java
Sensitive information are
spring.datasource.password
sechub.initialadmin.userid
sechub.initialadmin.userid
sechub.initialadmin.email
sechub.storage.*