From d035ecce71f2c1d692930820f1eddf77d86265e2 Mon Sep 17 00:00:00 2001
From: Dustin Scott <sdustin@vmware.com>
Date: Mon, 11 Apr 2022 10:19:41 -0500
Subject: [PATCH] feat: restrict rfc2136 kerberos password from being exposed
 in logs

Signed-off-by: Dustin Scott <sdustin@vmware.com>
---
 pkg/apis/externaldns/types.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pkg/apis/externaldns/types.go b/pkg/apis/externaldns/types.go
index f559c84d52..92e49e3800 100644
--- a/pkg/apis/externaldns/types.go
+++ b/pkg/apis/externaldns/types.go
@@ -166,7 +166,7 @@ type Config struct {
 	RFC2136GSSTSIG                    bool
 	RFC2136KerberosRealm              string
 	RFC2136KerberosUsername           string
-	RFC2136KerberosPassword           string
+	RFC2136KerberosPassword           string `secure:"yes"`
 	RFC2136TSIGKeyName                string
 	RFC2136TSIGSecret                 string `secure:"yes"`
 	RFC2136TSIGSecretAlg              string