From fca928d609baffa87750d9de8b3d48e8746d64ce Mon Sep 17 00:00:00 2001
From: YoulongChen <30854794+YLChen-007@users.noreply.github.com>
Date: Mon, 5 Jan 2026 20:28:48 +0800
Subject: [PATCH] fix HMAC Signatures and API Keys Logged in Plaintext (#12021)

Co-authored-by: chenyoulong20g@ict.ac.cn <chenyoulong20g@ict.ac.cn>
Co-authored-by: dahn <daan.hoogland@gmail.com>
---
 .../java/com/cloud/storage/template/HttpTemplateDownloader.java | 2 +-
 .../schema/src/main/java/com/cloud/upgrade/DatabaseCreator.java | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/core/src/main/java/com/cloud/storage/template/HttpTemplateDownloader.java b/core/src/main/java/com/cloud/storage/template/HttpTemplateDownloader.java
index cf49217ef5b..6fe001de72c 100755
--- a/core/src/main/java/com/cloud/storage/template/HttpTemplateDownloader.java
+++ b/core/src/main/java/com/cloud/storage/template/HttpTemplateDownloader.java
@@ -151,7 +151,7 @@ public class HttpTemplateDownloader extends ManagedContextRunnable implements Te
                 client.getParams().setAuthenticationPreemptive(true);
                 Credentials defaultcreds = new UsernamePasswordCredentials(user, password);
                 client.getState().setCredentials(new AuthScope(hostAndPort.first(), hostAndPort.second(), AuthScope.ANY_REALM), defaultcreds);
-                logger.info("Added username=" + user + ", password=" + password + "for host " + hostAndPort.first() + ":" + hostAndPort.second());
+                logger.info("Added username={}, password=****** for host {}:{}", user, hostAndPort.first(), hostAndPort.second());
             } else {
                 logger.info("No credentials configured for host=" + hostAndPort.first() + ":" + hostAndPort.second());
             }
diff --git a/engine/schema/src/main/java/com/cloud/upgrade/DatabaseCreator.java b/engine/schema/src/main/java/com/cloud/upgrade/DatabaseCreator.java
index 384826227af..cccfbe8a006 100644
--- a/engine/schema/src/main/java/com/cloud/upgrade/DatabaseCreator.java
+++ b/engine/schema/src/main/java/com/cloud/upgrade/DatabaseCreator.java
@@ -99,7 +99,7 @@ public class DatabaseCreator {
             String username = dbProperties.getProperty(String.format("db.%s.username", database));
             String password = dbProperties.getProperty(String.format("db.%s.password", database));
             String dbName = dbProperties.getProperty(String.format("db.%s.name", database));
-            System.out.println(String.format("========> Initializing database=%s with host=%s port=%s username=%s password=%s", dbName, host, port, username, password));
+            System.out.println(String.format("========> Initializing database=%s with host=%s port=%s username=%s password=******", dbName, host, port, username));
 
             List<String> queries = new ArrayList<String>();
             queries.add(String.format("drop database if exists `%s`", dbName));