You are viewing a plain text version of this content. The canonical link for it is here.

Posted to user@flink.apache.org by 狗嗖 <10...@qq.com> on 2022/01/18 09:17:58 UTC

Question about plain password in flink-conf.yaml

Hello,
security.ssl.rest.*-password and s3.secret.key are parameters in flink-conf.xml that can only be set with plain text, which may lead to password leak. Can anyone provide some other extended capabilities that allow developers to configure cipher text and specify classes and methods to decrypt it? Like all user needs to do is provide an encrypted password, a class file or JAR package that helps decryption, and place them in flink classpath.
Thanks,
Jerry

Re: Question about plain password in flink-conf.yaml

Posted by Gabor Somogyi <ga...@gmail.com>.

export SSL_PASSWORD=secret
flink run -yDsecurity.ssl.rest.*-password=$SSL_PASSWORD ... app.jar

Such way the code which starts the workload can store the passwords in a
centrally protected area.
This still can be hacked but at least not stored in plain text file.

BR,
G

On Tue, Jan 18, 2022 at 10:18 AM 狗嗖 <10...@qq.com> wrote:

> Hello,
> security.ssl.rest.*-password and s3.secret.key are parameters in
> flink-conf.xml that can only be set with plain text, which may lead to
> password leak. Can anyone provide some other extended capabilities that
> allow developers to configure cipher text and specify classes and methods
> to decrypt it? Like all user needs to do is provide an encrypted password,
> a class file or JAR package that helps decryption, and place them in flink
> classpath.
> Thanks,
> Jerry
>