During application startup, the NiFi Registry prints a generated password to the $NIFI_REG_HOME/logs/nifi-registry-app.log file. This is (I believe) done by the org.springframework.boot.autoconfigure.security.servlet.UserDetailsServiceAutoConfiguration class (relevant decompiled source code below). I'm not sure what this password is used for, but we should change the logging severity settings for this class to suppress that message by default, and investigate why this is occurring in the first place.
Example log output:
Decompiled source code: