Hide client-id and -secret when using oauth-authenticator #8558

@RayetSena

Current Behavior

Currently, to protect the Frank!Console we use Entra ID. The clientSecret added for console security is visible in the environment variables. To hide this, we tried to define credentials and get the values from there, but this did not work. When I tried this for http security it worked.

Expected Behavior

clientSecret should not be visible in environment variables.

Environment Information

ff version: 9.1.0-20250301.042325

Steps To Reproduce

No response

Configuration

application.security.console.authentication.clientId: ${credential:username:azure.credentials}
application.security.console.authentication.clientSecret: ${credential:password:azure.credentials}

application.security.http.authenticators.oauth.clientId: ${credential:username:azure.credentials}
application.security.http.authenticators.oauth.clientSecret: ${credential:password:azure.credentials}

Input

No response

What database are you using?

No response

What browsers are you seeing the problem on?

No response

Relevant Log Output

Anything else?

No response

Status

Done
