
Worked on the alibaba/nacos repository to enhance security by addressing credential leakage risks in the Nacos client. Focused on improving logging practices, the developer updated the Java-based ClientBasicParamUtil utility so that ACCESS_KEY values are now logged as ciphertext rather than plaintext, directly mitigating the CWE-532 weakness (insertion of sensitive information into a log file). This change strengthened the project’s compliance posture and reduced the risk of sensitive data exposure in operational logs. Drawing on skills in configuration management, logging, and security, the developer contributed a targeted bug fix that improved auditability and aligned with best practices for handling credentials in distributed systems using Java.
June 2025 monthly summary for alibaba/nacos: focused on security hardening and credential safety improvements. Implemented secure logging for ACCESS_KEY in the Nacos client to prevent credential leakage, addressing a CWE-532 vulnerability. Code fix applied in ClientBasicParamUtil.java, referenced by commit 5906b49492b615ec7934d4577bf09acc7599a697; aligned with project security and compliance goals.
