We can add a mask option to the Log EIP. It would then take the toString to be logged, and then run a series of reg exp to search/replace sensitive information such as password and passphrase.
We need to do this for key=value, xml and json format. So it kinda works on most common formats.
We can then add this in the docs that this is what it can do, so users can use it as-is or not. Only if they have very special cases they would then need to write their own mask method and call as a bean from the log message.
We can also add such functionality to the log component itself, eg <to uri="log:xxx">.
So they reuse the same masking algorithm.
See UriSupport which have masking for uris with key=value