gnodet commented on PR #22194: URL: https://github.com/apache/camel/pull/22194#issuecomment-4128687223
_Claude Code on behalf of Guillaume Nodet_

Thanks for the feedback @squakez! The latest push addresses the concerns raised:

**Self-signed certificate is now explicit opt-in only:**
- Requires `camel.ssl.selfSigned=true` — no auto-generation when keystore is missing
- When SSL is enabled without a keystore or `selfSigned`, a warning is logged and SSL context creation is skipped
- The self-signed generation emits a `WARN` log: "Do NOT use this in production"

**Secret annotations fixed:**
- `camel.ssl.keystorePassword` and `camel.ssl.trustStorePassword` are now marked `secret=true` (was missing)

**Follow-up for broader secret/dev-setting warnings:**
- Created [CAMEL-23250](https://issues.apache.org/jira/browse/CAMEL-23250) to track:
  - Warning when plain-text secrets are used in configuration (instead of vault/env refs)
  - Flagging development-only settings (`selfSigned`, `trustAllCertificates`) when used in production profiles
  - Fixing `PropertiesDevConsole` JSON output which doesn't mask secrets

--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the URL above to go to the specific comment.

To unsubscribe, e-mail: [email protected]

For queries about this service, please contact Infrastructure at: [email protected]
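The checks listed as follow-up work in the comment above can be approximated outside Camel with a small properties lint. This is an added example, not code from the PR or from Apache Camel. It assumes that a value wrapped in `{{...}}` is a vault/env reference and that `trustAllCertificates` sits under the `camel.ssl.` prefix; the function names and the sample file are constructed for illustration.

```python
import re

# Assumptions for this sketch (not Camel code): the two password keys named in
# the comment are the secrets to check, a value wrapped in {{...}} counts as a
# vault/env reference, and dev-only switches are matched by their last segment.
SECRET_KEYS = ("camel.ssl.keystorePassword", "camel.ssl.trustStorePassword")
DEV_ONLY_SUFFIXES = ("selfSigned", "trustAllCertificates")
REFERENCE = re.compile(r"^\{\{.+\}\}$")
LINE = re.compile(r"([^=:\s]+)\s*[=:]\s*(.*)")

def parse_properties(text):
    """Parse simple key=value lines, skipping blanks and # or ! comments."""
    props = {}
    for raw in text.splitlines():
        line = raw.strip()
        match = LINE.match(line) if line and line[0] not in "#!" else None
        if match:
            props[match.group(1)] = match.group(2).strip()
    return props

def lint(text, production=True):
    """Return (key, finding) pairs; values are never included in the output."""
    findings = []
    for key, value in parse_properties(text).items():
        if key in SECRET_KEYS and value and not REFERENCE.match(value):
            findings.append((key, "plain-text secret"))
        dev_only = key.rsplit(".", 1)[-1] in DEV_ONLY_SUFFIXES
        if production and dev_only and value.lower() == "true":
            findings.append((key, "development-only setting enabled"))
    return findings

def masked(text):
    """Return the properties with secret values replaced, safe to log or dump."""
    return {k: ("xxxxxx" if k in SECRET_KEYS else v)
            for k, v in parse_properties(text).items()}

# Constructed sample configuration, not taken from the PR.
SAMPLE = """\
# production profile (constructed)
camel.ssl.selfSigned=true
camel.ssl.keystorePassword=changeit
camel.ssl.trustStorePassword={{env:TRUSTSTORE_PASSWORD}}
camel.ssl.trustAllCertificates=false
"""

if __name__ == "__main__":
    for key, finding in lint(SAMPLE):
        print(f"WARN {key}: {finding}")
    print(masked(SAMPLE))
```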
