chore: ensure sensitive data redaction in logs across all connectors (#…

…2682)

connectors/automation-anywhere/src/main/java/io/camunda/connector/automationanywhere/model/request/auth/ApiKeyAuthentication.java

@@ -15,4 +15,9 @@ public record ApiKeyAuthentication(
     @NotBlank @TemplateProperty(label = "Username", id = "apiUsername", group = "authentication")
         String username,
     @NotBlank @TemplateProperty(label = "API key", group = "authentication") String apiKey)
-    implements Authentication {}
+    implements Authentication {
+  @Override
+  public String toString() {
+    return "ApiKeyAuthentication{" + "username='" + username + "'" + ", apiKey=[REDACTED]" + "}";
+  }
+}

connectors/automation-anywhere/src/main/java/io/camunda/connector/automationanywhere/model/request/auth/PasswordBasedAuthentication.java

@@ -30,4 +30,16 @@ public record PasswordBasedAuthentication(
               @TemplateProperty.DropdownPropertyChoice(value = "false", label = "FALSE")
             })
         Boolean multipleLogin)
-    implements Authentication {}
+    implements Authentication {
+  @Override
+  public String toString() {
+    return "PasswordBasedAuthentication{"
+        + "username='"
+        + username
+        + "'"
+        + ", password=[REDACTED]"
+        + ", multipleLogin="
+        + multipleLogin
+        + "}";
+  }
+}

connectors/automation-anywhere/src/main/java/io/camunda/connector/automationanywhere/model/request/auth/TokenBasedAuthentication.java

@@ -13,4 +13,9 @@
 @TemplateSubType(id = "tokenBasedAuthentication", label = "Authentication (refresh) token")
 public record TokenBasedAuthentication(
     @NotBlank @TemplateProperty(label = "Token", group = "authentication") String token)
-    implements Authentication {}
+    implements Authentication {
+  @Override
+  public String toString() {
+    return "TokenBasedAuthentication{token=[REDACTED]}";
+  }
+}

connectors/aws/aws-base/src/main/java/io/camunda/connector/aws/model/impl/AwsAuthentication.java

@@ -52,7 +52,15 @@ record AwsStaticCredentialsAuthentication(
                   "Provide a secret key of a user with permissions to invoke specified AWS Lambda function")
           @NotBlank
           String secretKey)
-      implements AwsAuthentication {}
+      implements AwsAuthentication {
+    @Override
+    public String toString() {
+      return "AwsStaticCredentialsAuthentication{"
+          + "accessKey=[REDACTED]"
+          + ", secretKey=[REDACTED]"
+          + "}";
+    }
+  }
 
   @TemplateSubType(
       id = "defaultCredentialsChain",

connectors/jdbc/src/main/java/io/camunda/connector/jdbc/model/request/connection/DetailedConnection.java

@@ -54,4 +54,23 @@ public Properties getProperties() {
     }
     return properties;
   }
+
+  @Override
+  public String toString() {
+    return "DetailedConnection{"
+        + "host='"
+        + host
+        + "'"
+        + ", port='"
+        + port
+        + "'"
+        + ", username=[REDACTED]"
+        + ", password=[REDACTED]"
+        + ", databaseName='"
+        + databaseName
+        + "'"
+        + ", properties="
+        + properties
+        + "}";
+  }
 }

connectors/jdbc/src/main/java/io/camunda/connector/jdbc/model/request/connection/UriConnection.java

@@ -52,4 +52,9 @@ public Properties getProperties() {
     properties.putAll(this.uriProperties());
     return properties;
   }
+
+  @Override
+  public String toString() {
+    return "UriConnection{" + "uri='" + uri + "'" + ", uriProperties=[REDACTED]" + "}";
+  }
 }

connectors/rabbitmq/src/main/java/io/camunda/connector/rabbitmq/common/model/CredentialsAuthentication.java

@@ -14,4 +14,14 @@
 public record CredentialsAuthentication(
     @NotBlank @TemplateProperty(group = "authentication", label = "Username") String userName,
     @NotBlank @TemplateProperty(group = "authentication", label = "Password") String password)
-    implements RabbitMqAuthentication {}
+    implements RabbitMqAuthentication {
+  @Override
+  public String toString() {
+    return "CredentialsAuthentication{"
+        + "userName='"
+        + userName
+        + "'"
+        + ", password=[REDACTED]"
+        + "}";
+  }
+}

connectors/rabbitmq/src/main/java/io/camunda/connector/rabbitmq/common/model/UriAuthentication.java

@@ -23,4 +23,9 @@ public record UriAuthentication(
             description =
                 "URI should contain username, password, host name, port number, and virtual host")
         String uri)
-    implements RabbitMqAuthentication {}
+    implements RabbitMqAuthentication {
+  @Override
+  public String toString() {
+    return "UriAuthentication{" + "uri=[REDACTED]" + "}";
+  }
+}

connectors/sendgrid/src/main/java/io/camunda/connector/sendgrid/model/SendGridRequest.java

@@ -216,9 +216,7 @@ public int hashCode() {
   @Override
   public String toString() {
     return "SendGridRequest{"
-        + "apiKey='"
-        + apiKey
-        + '\''
+        + "apiKey=[REDACTED]"
         + ", from="
         + from
         + ", to="

connectors/slack/src/main/java/io/camunda/connector/slack/inbound/model/SlackWebhookProperties.java

@@ -54,4 +54,16 @@ public SlackSignature.Verifier signatureVerifier() {
   }
 
   public record SlackConnectorPropertiesWrapper(SlackWebhookProperties inbound) {}
+
+  @Override
+  public String toString() {
+    return "SlackWebhookProperties{"
+        + "context='"
+        + context
+        + "'"
+        + ", slackSigningSecret=[REDACTED]"
+        + ", verificationExpression="
+        + verificationExpression
+        + "}";
+  }
 }

connectors/slack/src/main/java/io/camunda/connector/slack/outbound/SlackRequest.java

@@ -53,4 +53,9 @@ public SlackResponse invoke(final Slack slack) throws SlackApiException, IOExcep
     MethodsClient methods = slack.methods(token);
     return data.invoke(methods);
   }
+
+  @Override
+  public String toString() {
+    return "SlackRequest{" + "token=[REDACTED]" + ", data=" + data + "}";
+  }
 }

connectors/soap/src/main/java/io/camunda/connectors/soap/SoapConnectorInput.java

@@ -196,7 +196,19 @@ record UsernameToken(
         @TemplateProperty(label = "Encoded", group = "authentication", type = PropertyType.Dropdown)
             @NotNull
             SoapConnectorInput.YesNo encoded)
-        implements Authentication {}
+        implements Authentication {
+      @Override
+      public String toString() {
+        return "UsernameToken{"
+            + "username='"
+            + username
+            + "'"
+            + ", password=[REDACTED]"
+            + ", encoded="
+            + encoded
+            + "}";
+      }
+    }
 
     @TemplateSubType(id = "signature", label = "WSS signature")
     record Signature(
@@ -267,7 +279,17 @@ record SingleCertificate(
                     description = "The private key for the certificate")
                 @NotNull
                 String privateKey)
-            implements Certificate {}
+            implements Certificate {
+          @Override
+          public String toString() {
+            return "SingleCertificate{"
+                + "certificate='"
+                + certificate
+                + "'"
+                + ", privateKey=[REDACTED]"
+                + "}";
+          }
+        }
 
         @TemplateSubType(id = "keystore", label = "Keystore certificate")
         record KeystoreCertificate(
@@ -291,7 +313,21 @@ record KeystoreCertificate(
                     description = "The password to access the certificate",
                     group = "authentication")
                 String password)
-            implements Certificate {}
+            implements Certificate {
+          @Override
+          public String toString() {
+            return "KeystoreCertificate{"
+                + "keystoreLocation='"
+                + keystoreLocation
+                + "'"
+                + ", keystorePassword=[REDACTED]"
+                + ", alias='"
+                + alias
+                + "'"
+                + ", password=[REDACTED]"
+                + "}";
+          }
+        }
       }
 
       public record EncryptionPart(

connectors/webhook/src/main/java/io/camunda/connector/inbound/model/WebhookAuthorization.java

@@ -54,7 +54,12 @@ record BasicAuth(
               group = "authorization")
           @FEEL
           String password)
-      implements WebhookAuthorization {}
+      implements WebhookAuthorization {
+    @Override
+    public String toString() {
+      return "BasicAuth{" + "username='" + username + "'" + ", password=[REDACTED]" + "}";
+    }
+  }
 
   @TemplateSubType(id = "APIKEY", label = "API key")
   record ApiKeyAuth(
@@ -74,8 +79,18 @@ record ApiKeyAuth(
               defaultValue = "=split(request.headers.authorization, \" \")[2]")
           @NotEmpty
           Function<Object, String> apiKeyLocator)
-      implements WebhookAuthorization {}
+      implements WebhookAuthorization {
+    @Override
+    public String toString() {
+      return "ApiKeyAuth{" + "apiKey=[REDACTED]" + ", apiKeyLocator=" + apiKeyLocator + "}";
+    }
+  }
 
   @TemplateSubType(id = "JWT", label = "JWT")
-  record JwtAuth(JWTProperties jwt) implements WebhookAuthorization {}
+  record JwtAuth(JWTProperties jwt) implements WebhookAuthorization {
+    @Override
+    public String toString() {
+      return "JwtAuth{jwt=[REDACTED]}";
+    }
+  }
 }

connectors/webhook/src/main/java/io/camunda/connector/inbound/model/WebhookConnectorProperties.java

@@ -17,6 +17,7 @@
 import io.camunda.connector.inbound.utils.HttpMethods;
 import jakarta.validation.constraints.NotBlank;
 import jakarta.validation.constraints.Pattern;
+import java.util.Arrays;
 import java.util.Map;
 import java.util.function.Function;
 
@@ -152,4 +153,36 @@ public record WebhookConnectorPropertiesWrapper(WebhookConnectorProperties inbou
   private static <T> T getOrDefault(T value, T defaultValue) {
     return value != null ? value : defaultValue;
   }
+
+  @Override
+  public String toString() {
+    return "WebhookConnectorProperties{"
+        + "method='"
+        + method
+        + "'"
+        + ", context='"
+        + context
+        + "'"
+        + ", shouldValidateHmac='"
+        + shouldValidateHmac
+        + "'"
+        + ", hmacSecret=[REDACTED]"
+        + ", hmacHeader='"
+        + hmacHeader
+        + "'"
+        + ", hmacAlgorithm='"
+        + hmacAlgorithm
+        + "'"
+        + ", hmacScopes="
+        + Arrays.toString(hmacScopes)
+        + ", auth="
+        + auth
+        + ", responseExpression="
+        + responseExpression
+        + ", responseBodyExpression="
+        + responseBodyExpression
+        + ", verificationExpression="
+        + verificationExpression
+        + "}";
+  }
 }