You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@flink.apache.org by "Florian Szabo (Jira)" <ji...@apache.org> on 2020/11/09 07:57:00 UTC

[jira] [Created] (FLINK-20055) Datadog API Key exposed in Flink JobManager logs

Florian Szabo created FLINK-20055:
-------------------------------------

             Summary: Datadog API Key exposed in Flink JobManager logs
                 Key: FLINK-20055
                 URL: https://issues.apache.org/jira/browse/FLINK-20055
             Project: Flink
          Issue Type: Improvement
          Components: Runtime / Configuration
    Affects Versions: 1.11.2, 1.9.1
            Reporter: Florian Szabo


When Flink is set up to report metrics to Datadog, the JobManager log containe the Datadog API key in plain format. In fact it shows up in two different places:
{code:java}
2020-08-03 09:03:19,400 INFO  org.apache.flink.configuration.GlobalConfiguration            - Loading configuration property: metrics.reporter.dghttp.apikey, <REDACTED-KEY>
...
2020-08-03 09:03:20,437 INFO  org.apache.flink.runtime.metrics.ReporterSetup                - Configuring dghttp with {apikey=<REDACTED-KEY>, tags=<...>,profile:<...>,region:<...>,env:<...>, class=org.apache.flink.metrics.datadog.DatadogHttpReporter}.
{code}
The expected behavior here should be that the API key in both places is hidden so that it does not end up in places where it should not be.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)