When I run this release in openshift, I get the messages below, which mean quarkus stored the preprod password from the command line in the image. This has consequences for security, so I want to get rid of that.
I can hide the messages by changing application.properties like this, but this would remove only the dev password, not the preprod password. So what should I do?
WARN [io.qua.run.ConfigChangeRecorder] (main) Build time property cannot be changed at runtime. quarkus.container-image.tag was VERSIONNUMBER at build time and is now latest
WARN [io.qua.run.ConfigChangeRecorder] (main) Build time property cannot be changed at runtime. quarkus.container-image.username was USERNAME at build time and is now OTHERUSERNAME
WARN [io.qua.run.ConfigChangeRecorder] (main) Build time property cannot be changed at runtime. quarkus.container-image.password was SOME_PREPROD_PASSWORD at build time and is now SOME_DEV_PASSWORD
Describe the bug
I created an image with jenkins and it contains in application.properties a line:
When releasing, jenkins runs the maven build with
When I run this release in openshift, I get the messages below, which mean quarkus stored the preprod password from the command line in the image. This has consequences for security, so I want to get rid of that.
I can hide the messages by changing application.properties like this, but this would remove only the dev password, not the preprod password. So what should I do?
https://github.com/quarkusio/quarkus/issues/17519
$upstream:17519$