All start.d ini parameters become viewable; non obvious

[kevinmcmurtrie]

Jetty version(s)
Jetty 12

Enhancement Description
Contents of ini files in start.d turn into process parameters. It's non-obvious that settings, possibly protected by file permissions, become part of the publicly viewable process arguments. This isn't great for anything that contains a password, like start.d/ssl.ini.

It looks like it happens here:

jetty.project/jetty-home/src/main/resources/bin/jetty.sh

Line 571 in dde6ae1

JETTY_DRY_RUN=$(echo "${JETTY_ARGS[*]} ${JAVA_OPTIONS[*]}" | xargs "$JAVA" -jar "$JETTY_START" --dry-run=opts,path,main,args,envs)

The best solution would be for the file contents to remain hidden. At the least, ssl.ini and similar should locally document that all values become public.

[sbordet]

This is what jetty.sh does now, but you can write your own script and use the JVM arguments file feature as documented here: https://jetty.org/docs/jetty/12.1/operations-guide/start/index.html#configure-dry-run

Search for "JVM arguments file feature" in that page.

However, it is an interesting idea, and we may offer it as an option, and maybe default it in the future.

For reference, the java @argFile syntax was introduced in Java 9, see also https://bugs.openjdk.org/browse/JDK-8027634.