The credentials to access SonicMQ are configured in plaintext in the post-custom.sh (post-custom.conf for Windows) file like so
actional_sys_prop com.actional.jms.ext.sonicmq.url tcp://<host>:<port>
actional_sys_prop com.actional.jms.ext.sonicmq.username <username>
actional_sys_prop com.actional.jms.ext.sonicmq.password <password>
This can be a security concern for certain audit and certification requirements.
The configuration file can be secured through OS restrictive file permissions to limit who can access the file and obtain the credentials. The file should be configured to only be accessible by the process user that needs to access it. A fix is being worked on to enable encrypting the credentials when stored in the file.
The ACTA-57992 ticket is being used to track the fix for this issue.