Do not save credentials in config.json (#16275)

cmd/server-main.go

@@ -535,10 +535,6 @@ func serverMain(ctx *cli.Context) {
 		}
 	}()
 
-	if !globalActiveCred.IsValid() && globalIsDistErasure {
-		globalActiveCred = auth.DefaultCredentials
-	}
-
 	// Set system resources to maximum.
 	setMaxResources()
 
@@ -605,6 +601,12 @@ func serverMain(ctx *cli.Context) {
 		logger.Info(color.RedBold("WARNING: Strict AWS S3 compatible incoming PUT, POST content payload validation is turned off, caution is advised do not use in production"))
 	}
 
+	if globalActiveCred.Equal(auth.DefaultCredentials) {
+		msg := fmt.Sprintf("WARNING: Detected default credentials '%s', we recommend that you change these values with 'MINIO_ROOT_USER' and 'MINIO_ROOT_PASSWORD' environment variables",
+			globalActiveCred)
+		logger.Info(color.RedBold(msg))
+	}
+
 	if err = initServer(GlobalContext, newObject); err != nil {
 		var cerr config.Err
 		// For any config error, we don't need to drop into safe-mode
@@ -621,19 +623,6 @@ func serverMain(ctx *cli.Context) {
 		logger.LogIf(GlobalContext, err)
 	}
 
-	if globalActiveCred.Equal(auth.DefaultCredentials) {
-		msg := fmt.Sprintf("WARNING: Detected default credentials '%s', we recommend that you change these values with 'MINIO_ROOT_USER' and 'MINIO_ROOT_PASSWORD' environment variables",
-			globalActiveCred)
-		logger.Info(color.RedBold(msg))
-	}
-
-	savedCreds, _ := config.LookupCreds(globalServerConfig[config.CredentialsSubSys][config.Default])
-	if globalActiveCred.Equal(auth.DefaultCredentials) && !globalActiveCred.Equal(savedCreds) {
-		msg := fmt.Sprintf("WARNING: Detected credentials changed to '%s', please set them back to previously set values",
-			globalActiveCred)
-		logger.Info(color.RedBold(msg))
-	}
-
 	// Initialize users credentials and policies in background right after config has initialized.
 	go func() {
 		globalIAMSys.Init(GlobalContext, newObject, globalEtcdClient, globalRefreshIAMInterval)