From 107cec8a2f46b930422209f92a668e168ed7280d Mon Sep 17 00:00:00 2001
From: Marcel <marcel@familienarchiv>
Date: Sun, 15 Mar 2026 12:16:27 +0100
Subject: [PATCH] fix: remove plaintext password from startup log in
 DataInitializer

The log statement revealed the default admin password in application
logs. Now only the username is logged, using the resolved variable
instead of a hardcoded string.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
---
 .../java/org/raddatz/familienarchiv/config/DataInitializer.java | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/backend/src/main/java/org/raddatz/familienarchiv/config/DataInitializer.java b/backend/src/main/java/org/raddatz/familienarchiv/config/DataInitializer.java
index 16607aec..8a023693 100644
--- a/backend/src/main/java/org/raddatz/familienarchiv/config/DataInitializer.java
+++ b/backend/src/main/java/org/raddatz/familienarchiv/config/DataInitializer.java
@@ -61,7 +61,7 @@ public class DataInitializer {
                         .build();
                 userRepository.save(admin);
 
-                log.info("Default Admin erstellt: User='admin', Pass='admin123'");
+                log.info("Default Admin erstellt: User='{}'", adminUsername);
             }
         };
     }