Have you looked at the jsypt component? With it, you can store your
password encrypted, then access it using property placeholder syntax:
ftps://<host>?password={{my_ftp_password}}
Of course, if your file system security is sufficient, you can skip the
jsypt part. Everything else would be the same.
On Tue, Sep 6, 2022 at 6:02 PM Wilken Marci J
<marci.j.wil...@dhsoha.state.or.us.invalid> wrote:
> HI all,
> Issue: sensitive data getting passed from the exchange header to the logs
> in the clear.
>
> Is there a way to encrypt header value in camel? I've got several
> values; id, ssn, dob, password that get passed around in the message
> header or that I would like to pass in the header. I would prefer to pass
> these with some kind of encryption instead of a String.
>
> Simple example: To call an sftp route I need to send the password and for
> debugging purposes I want to log the call before connecting. Route A reads
> the vault for the appropriate user id and password and place the info in
> the header (the message is in the body) and call the sftp route.
>
>
> .log(LoggingLevel.INFO,
> "ftps://{{file.router.remote.host}}:{{file.router.remote.port}}//{{file.router.remote.home}}"
> +
> "?password=${header.password}"
> +
> "&username=${header.userName}"
> //
> + "&stepwise=true" // unknown if it works or makes a difference
> // doesn't like +
> "&strictHostKeyChecking=no"
> +
> "&include=${header.CamelFileName}"
> +
> "&fileName=${header.TransmissionCamelFileName}"
> +
> "&noop=true"
> +
> "&keepLastModified=true"
> // ojd does not like this +
> "&execPbsz={{file.router.remote.ftpsPBSZ}}"
> +
> "&securityProtocol={{file.router.remote.ftpsprotocol}}"
> +
> "&passiveMode=true" // ?
> +
> "&binary=false" // ?
> // doesn't
> like + "&implicit={{file.router.remote.ftpsimplicit}}"
> // leave
> the file to be archived
> +
> "&reconnectDelay={{file.router.reconnectDelay}}"
> +
> "&maximumReconnectAttempts={{file.router.maximumReconnectAttempts}}"
> +
> "&backoffErrorThreshold=5"
> +
> "&backoffMultiplier=10"
> +
> "&runLoggingLevel={{file.router.runLoggingLevel:WARN}}"
> +
> "&transferLoggingVerbose=true")
>
>
>
> Regards-
> Marci Wilken
> She/Her/Hers
> Operations Architect
> Office of Information Services
> OHA/DHS/CAF-CW/OR-KIDS
> Desk: 503.378.2405 Cell: 503.979.9680
>
> CONFIDENTIALITY NOTICE
> This email may contain information that is privileged, confidential, or
> otherwise exempt from disclosure under applicable law. If you are not the
> addressee or it appears from the context or otherwise that you have
> received this email in error, please advise me immediately by reply email,
> keep the contents confidential, and immediately delete the message and any
> attachments from your system.
>
>
>
