From 6ed928cd6b1e49e48c6be16ff2329f0867b85b39 Mon Sep 17 00:00:00 2001
From: Sandor Molnar <smolnar@apache.org>
Date: Tue, 28 Apr 2026 09:12:02 +0200
Subject: [PATCH] KNOX-3310: Fix redundant ALIAS_PASSPHRASE assignment and
 improve logging

---
 .../src/main/resources/docker/gateway-entrypoint.sh          | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/gateway-docker/src/main/resources/docker/gateway-entrypoint.sh b/gateway-docker/src/main/resources/docker/gateway-entrypoint.sh
index 015dbe2fac..2cb0277a3d 100755
--- a/gateway-docker/src/main/resources/docker/gateway-entrypoint.sh
+++ b/gateway-docker/src/main/resources/docker/gateway-entrypoint.sh
@@ -42,10 +42,10 @@ set -o pipefail
 
 ## Helper function used to import certs into truststore
 ## Function takes cert file as argument
+## At this time ALIAS_PASSPHRASE is already initialized
 importMultipleCerts() {
   FILE=$1
   local import_failed=0
-  ALIAS_PASSPHRASE=$(/bin/cat "${KEYSTORE_PASSWORD_FILE}")
   # number of certs in the PEM file
   CERTS=$(/bin/grep 'END CERTIFICATE' "$FILE"| /usr/bin/wc -l)
   # For every cert in the PEM file, extract it and import into the JKS keystore
@@ -139,10 +139,11 @@ fi
 
 if [[ -n ${KEYSTORE_PASSWORD_FILE} ]] && [[ -f ${KEYSTORE_PASSWORD_FILE} ]]
 then
-  echo "Using provided keystore password file"
+  echo "Setting ALIAS_PASSPHRASE from provided keystore password file: ${KEYSTORE_PASSWORD_FILE}"
   ALIAS_PASSPHRASE=$(/bin/cat "${KEYSTORE_PASSWORD_FILE}" 2> /dev/null)
 else
    # If keystore password is not provided use master secret as alias passphrase
+   echo "Setting ALIAS_PASSPHRASE to MASTER_SECRET"
    ALIAS_PASSPHRASE="${MASTER_SECRET}"
 fi