BMC interface credentials stored in Foreman are accessible through the ENC YAML output and through templates (#15046), however it isn't clear that they are so readily available when entering them and there is no option to restrict it.

It should be possible to disable access through the ENC YAML and templates to credentials if the administrator wishes, via a setting. This would use the credentials only for BMC smart proxies.

The BMC interface form should probably also state where the credentials are accessible from.

Reported by Alex Fisher to foreman-security@googlegroups.com, thanks. No CVE will be requested as it's by design, this is hardening.