You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@flink.apache.org by "Matyas Orhidi (Jira)" <ji...@apache.org> on 2019/09/04 12:22:00 UTC
[jira] [Updated] (FLINK-13957) Redact passwords from dynamic
properties logged on job submission
[ https://issues.apache.org/jira/browse/FLINK-13957?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Matyas Orhidi updated FLINK-13957:
----------------------------------
Summary: Redact passwords from dynamic properties logged on job submission (was: Redact passwords from dynamic properties on job submission)
> Redact passwords from dynamic properties logged on job submission
> -----------------------------------------------------------------
>
> Key: FLINK-13957
> URL: https://issues.apache.org/jira/browse/FLINK-13957
> Project: Flink
> Issue Type: Improvement
> Components: Client / Job Submission
> Affects Versions: 1.9.0
> Reporter: Matyas Orhidi
> Assignee: Matyas Orhidi
> Priority: Major
> Labels: log, security, sensitivity
> Fix For: 1.9.1
>
>
> SSL related passwords specified by dynamic properties
> {{flink run -m yarn-cluster -sae -p 2 -ynm HeapMonitor}}
> {{...}}
> -yD security.ssl.internal.key-password=changeit
> {{-yD security.ssl.internal.keystore-password=}}{{changeit}}
> {{-yD security.ssl.internal.truststore-password=}}{{changeit}}
> {{...}}
> are showing up in {{FlinkYarnSessionCli}} logs in plain text:
> {{19/09/04 04:57:43 INFO cli.FlinkYarnSessionCli: Dynamic Property set: security.ssl.internal.truststore-password=changeit}}
> {{19/09/04 04:57:43 INFO cli.FlinkYarnSessionCli: Dynamic Property set: security.ssl.internal.keystore-password=changeit}}
> {{19/09/04 04:57:43 INFO cli.FlinkYarnSessionCli: Dynamic Property set: security.ssl.internal.key-password=changeit}}
--
This message was sent by Atlassian Jira
(v8.3.2#803003)