You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@kafka.apache.org by "David Arthur (Jira)" <ji...@apache.org> on 2022/07/27 16:17:00 UTC
[jira] [Created] (KAFKA-14115) Password configs are logged in plaintext in KRaft
David Arthur created KAFKA-14115:
------------------------------------
Summary: Password configs are logged in plaintext in KRaft
Key: KAFKA-14115
URL: https://issues.apache.org/jira/browse/KAFKA-14115
Project: Kafka
Issue Type: Bug
Reporter: David Arthur
Fix For: 3.3.0, 3.4.0
While investigating KAFKA-14111, I also noticed that ConfigurationControlManager is logging sensitive configs in plaintext at INFO level.
{code}
[2022-07-27 12:14:09,927] INFO [Controller 1] ConfigResource(type=BROKER, name='1'): set configuration listener.name.external.ssl.key.password to bar (org.apache.kafka.controller.ConfigurationControlManager)
{code}
Once this new config reaches the broker, it is logged again, but this time it is redacted
{code}
[2022-07-27 12:14:09,957] INFO [BrokerMetadataPublisher id=1] Updating broker 1 with new configuration : listener.name.external.ssl.key.password -> [hidden] (kafka.server.metadata.BrokerMetadataPublisher)
{code}
--
This message was sent by Atlassian Jira
(v8.20.10#820010)