Comment 8 for bug 1446408

Steven Hardy (shardy) wrote :

> What branches does this impact?

This probably affects all stable branches, as auth_encryption_key exists in all of them - it's not quite clear to me if the logging of every config option occurs with the pinned version of oslo.config on all the stable branches though.

To clarify the exploitable aspect, I'd classify this as pretty low risk, as it requires all of the following:

- Heat has debug logging enabled
- Attacker can access the heat engine logs
- Attacker has direct access to the DB used by heat

If they have all of this, they're probably an operator, in which case they have access to the heat.conf anyway.

Worth fixing nonetheless, so proposing fixes to the stable branches is a good idea.
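As an added illustration of the exposure path described in this comment (not code from the bug thread or from Heat itself), the following checks a heat engine debug log for an option dump that prints auth_encryption_key in clear text, and masks it; the log line format and sample lines are constructed for the example, not copied from the page.

```python
import re

# Constructed sample of what an option dump in a Heat engine debug log might
# look like (format assumed for illustration; values are not real).
SAMPLE_HEAT_ENGINE_LOG = """\
2015-04-20 10:01:02.123 1234 DEBUG oslo_config.cfg [-] Logging enabled!
2015-04-20 10:01:02.124 1234 DEBUG oslo_config.cfg [-] debug                        = True
2015-04-20 10:01:02.125 1234 DEBUG oslo_config.cfg [-] auth_encryption_key          = notrealkey0123456789abcdef
2015-04-20 10:01:02.126 1234 DEBUG oslo_config.cfg [-] stack_domain_admin_password  = ****
2015-04-20 10:01:02.127 1234 INFO heat.engine.service [-] Starting engine
"""

# Option names whose values must never appear unmasked in a log.
SECRET_OPTS = ("auth_encryption_key", "stack_domain_admin_password")

# Matches "<opt name> = <value>" on an option-dump line (assumed layout).
_OPT_LINE = re.compile(
    r"DEBUG\s+oslo_config\.cfg\s+\[.*?\]\s+(?P<opt>[\w.]+)\s*=\s*(?P<val>.*)$"
)


def find_exposed_secrets(log_lines, secret_opts=SECRET_OPTS):
    """Return (line_no, opt) for each dumped secret option whose value is not masked."""
    hits = []
    for n, line in enumerate(log_lines, start=1):
        m = _OPT_LINE.search(line.rstrip("\n"))
        if not m:
            continue
        opt, val = m.group("opt"), m.group("val").strip()
        # A value consisting only of '*' is already masked; anything else is exposed.
        if opt in secret_opts and val and set(val) != {"*"}:
            hits.append((n, opt))
    return hits


def redact_line(line, secret_opts=SECRET_OPTS):
    """Mask the value of a secret option on one log line; other lines pass through."""
    m = _OPT_LINE.search(line.rstrip("\n"))
    if m and m.group("opt") in secret_opts:
        return line[:m.start("val")] + "****" + line[m.end("val"):]
    return line
```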