When using the auto-exporter along-side the standard OpenTelmetry Java agent (link), the Service Account access token is being logged.

This is a security issue, as it allows anyone with access to the logs to be able to impersonate the service.

The desired fix is that this token not be logged at all.