Is your feature request related to a problem? Please describe.
By default, auto instrumentation ships process.command_args, which is very dangerous as a lot of Java services pass in secrets via command line arguments (see example in additional context).
Describe the solution you'd like
Can we disable this by default? I see there was some agreement to do this in open-telemetry/opentelemetry-java#3240, but the answer in open-telemetry/opentelemetry-java#4231 doesn't quite do that.
Describe alternatives you've considered
In the interim, we are testing setting OTEL_JAVA_DISABLED_RESOURCE_PROVIDERS to io.opentelemetry.instrumentation.resources.ProcessResourceProvider for all of our Java apps.
Additional context
java \
-Dkeycloak.clientSecret="${KEYCLOAK_SECRET:-test}" \
-jar app.jar
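
Added example, not part of the original issue and not OpenTelemetry code: a small audit that takes an argv list as it would appear in process.command_args and reports which arguments look like credentials, returning a masked copy. The key-name pattern is a heuristic assumption, and the sample argv is constructed from the command above plus a hypothetical `--db-password` flag.

```python
import re

# Heuristic key names that usually carry credentials (assumption; tune per environment).
SENSITIVE_KEY = re.compile(
    r"(secret|passw(or)?d|token|api[-_.]?key|credential)", re.IGNORECASE
)
# -Dname=value (JVM system property) or --name=value / -name=value (application flag).
KEY_VALUE = re.compile(r"^(-D|--?)([^=\s]+)=(.*)$", re.DOTALL)
# --name / -name where the value is passed as the following argument.
BARE_FLAG = re.compile(r"^--?([A-Za-z][\w.-]*)$")


def audit_command_args(argv):
    """Return (findings, redacted_argv); findings are (index_of_secret_value, key)."""
    findings = []
    redacted = list(argv)
    i = 0
    while i < len(argv):
        arg = argv[i]
        kv = KEY_VALUE.match(arg)
        bare = BARE_FLAG.match(arg)
        if kv and SENSITIVE_KEY.search(kv.group(2)):
            findings.append((i, kv.group(2)))
            redacted[i] = f"{kv.group(1)}{kv.group(2)}=[REDACTED]"
        elif bare and SENSITIVE_KEY.search(bare.group(1)) and i + 1 < len(argv):
            findings.append((i + 1, bare.group(1)))
            redacted[i + 1] = "[REDACTED]"
            i += 1  # skip the value that was just masked
        i += 1
    return findings, redacted


# Constructed sample: the command from the issue after shell expansion
# (KEYCLOAK_SECRET unset, so the default "test" is used), plus a hypothetical flag.
SAMPLE_ARGV = [
    "java", "-Dkeycloak.clientSecret=test", "-Xmx512m",
    "--db-password", "hunter2", "-jar", "app.jar",
]

if __name__ == "__main__":
    found, masked = audit_command_args(SAMPLE_ARGV)
    for index, key in found:
        print(f"argv[{index}] exposes a value for '{key}'")
    print(masked)
```

Running this over the launch commands of deployed services shows which ones would leak a secret through process.command_args before deciding where the resource provider has to be disabled.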