I have very little experience with forms, but my limited experience would tell me that you would have to wrap this in a task that would then be accessible only to certain people. You would have to go through the Task GUI to access it, but you could use Camunda’s authorization system to control who could use the task.
We’ve gone beyond this at my company because we’re using an external authorization system, but I’m not sure that’s applicable here.
The other option would be to explore authorization mechanism offered by the Java container you’re using (Tomcat, WildFly, etc.). In theory, you could leverage one of those within Camunda using a sort of single sign on (SSO) mechanism. For example, you could use LDAP for this.
I won’t trivialize what I’m suggesting here. It’s not easy to do any of this and unfortunately I can’t help much as this work was done by a colleague. I think you’re best bet is to try and leverage the Camunda authorization system through a task that you can restrict using the native Camunda security.