There are some use cases in which we may want to mask various sensitive values from the SDC configuration display in the SDC UI. This display is when you click the "gears icon" in the upper right corner, then select "Configuration". By default, any parameters whose name contains "password" will have it's value masked.
This may not be adequate to obscure all the sensitive properties in the sdc.properties configuration file.
There is a mechanism to extend this feature by adding a configuration entry to the sdc.properties file. If you build a regex for the parameter names (keys) you want to mask, you can add that regex to a configuration line and append it to the end of the sdc.properties file.
In this screengrab, you can see we searched for runtime.conf properties before adding the sensitive.properties. Remember that names containing "password" are masked by default, so that is why the runtime.conf.JDBC_PASSWORD field is masked:
and after update the sdc.properties file with an example is:
sensitive.properties=.*(password|runtime.conf).*
Here is a screengrab in which we again search for "runtime":
Runtime.conf.JDBC_PASSWORD is still masked because "password" it is part of the replacement regex, as are all the parameters with names starting with runtime.conf.
Two additional points to note - First, masking is case insensitive, hence fields containing "PASSWORD" and "password" are both masked. The second point is that the regex you supply replaces the default regex of ".*password.*" Please remember to include support to continue to mask "password" in the regex you supply.
Remember to restart SDC for this change to take effect.
