Passwords should not be logged
On container startup, passwords are logged in plaintext. I've replaced them with REDACTED below, but they're plaintext. If you feel this is useful diagnostic information, please hide it behind a debug flag.
```
postfixadmin | Postfixadmin not found in /var/www/html - copying now...
postfixadmin | Complete! Postfixadmin has been successfully copied to /var/www/html
postfixadmin | Write config to /var/www/html/config.local.php
postfixadmin | <?php
postfixadmin | $CONF['database_type'] = 'pgsql';
postfixadmin | $CONF['database_host'] = 'REDACTED';
postfixadmin | $CONF['database_port'] = '5432';
postfixadmin | $CONF['database_user'] = 'postfixadmin';
postfixadmin | $CONF['database_password'] = 'REDACTED';
postfixadmin | $CONF['database_name'] = 'postfixadmin';
postfixadmin | $CONF['setup_password'] = 'REDACTED';
postfixadmin | $CONF['smtp_server'] = 'REDACTED';
postfixadmin | $CONF['smtp_port'] = '25';
postfixadmin | $CONF['encrypt'] = 'php_crypt:SHA512';
postfixadmin | $CONF['configured'] = true;
postfixadmin | ?>
```
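One way a container startup script could handle the behaviour reported above, as an added example that is not the project's entrypoint code: the generated config is written unmodified, only the target path is logged by default, and an opt-in debug flag prints the file with password values masked. The function names `redact_config` and `write_config` and the `ENTRYPOINT_DEBUG` variable are hypothetical.

```shell
#!/bin/sh
# Added example; function and variable names are hypothetical.

# Mask the value of every $CONF key whose name contains "password",
# e.g. database_password and setup_password. Other lines pass through.
redact_config() {
    sed -E "s/^(\\\$CONF\\['[A-Za-z0-9_]*password[A-Za-z0-9_]*'\\][[:space:]]*=[[:space:]]*)'.*';/\\1'REDACTED';/"
}

# Write the config read from stdin to the file given as $1.
# Default: log only the path. With ENTRYPOINT_DEBUG=1: also log the
# file content, passed through redact_config first.
write_config() {
    target=$1
    cat > "$target"
    echo "Write config to $target"
    if [ "${ENTRYPOINT_DEBUG:-0}" = "1" ]; then
        redact_config < "$target"
    fi
}

# Constructed demo with placeholder values, not real credentials.
demo() {
    tmp=$(mktemp)
    ENTRYPOINT_DEBUG=1
    write_config "$tmp" <<'EOF'
<?php
$CONF['database_user'] = 'postfixadmin';
$CONF['database_password'] = 'constructed-db-secret';
$CONF['setup_password'] = 'constructed-setup-secret';
$CONF['configured'] = true;
?>
EOF
    rm -f "$tmp"
}
```

Even with the debug flag set, the log receives `'REDACTED'` for the password keys, so container log collectors never see the real values; the file on disk keeps them.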
A related issue I experienced is that the stack trace error/warning displayed confidential credentials. Definitely a +1 for a debug/tracing enable/disable configuration variable/switch.
Perhaps we need to litter the code with #SensitiveParameter - at least for newer versions of PHP that would stop them being displayed in some backtraces etc.
See also https://wiki.php.net/rfc/redact_parameters_in_back_traces