While running Confluence using docker, Password value passed through ATL_JDBC_PASSWORD is not Sanitised in support zip
Originally reported as https://jira.atlassian.com/browse/CONFSERVER-60144
While running Confluence from docker, if the ATL_JDBC_PASSWORD command is used in the docker/docker-compose commands, the value of the password is not sanitised in the support zip created from the instance. This is also true for other custom values such as JKS_PASS etc, where if password value is passed, it is presented without being sanitised.
7.4.0 Confluence using docker.
Steps to Reproduce
Create a docker instance of Confluence using steps from https://hub.docker.com/r/atlassian/confluence-server/
Ensure to pass ATL_JDBC_USER and ATL_JDBC_PASSWORD commands along with ATL_JDBC_URL and ATL_DB_TYPE so that these values need not be specified during database creation.
Start the instance.
Extract support zip from the instance, once it starts running.
The password information specified under ATL_JDBC_PASSWORD should be sanitised along with any other password information.
Password is not sanitised.
No workaround at this time