Posted to dev@kafka.apache.org by "Ryan P (JIRA)" <ji...@apache.org> on 2016/11/01 20:29:58 UTC

[jira] [Created] (KAFKA-4364) Sink tasks expose secrets in DEBUG logging

Ryan P created KAFKA-4364:
-----------------------------

             Summary: Sink tasks expose secrets in DEBUG logging
                 Key: KAFKA-4364
                 URL: https://issues.apache.org/jira/browse/KAFKA-4364
             Project: Kafka
          Issue Type: Bug
          Components: KafkaConnect
            Reporter: Ryan P
            Assignee: Ewen Cheslack-Postava


As it stands today, worker tasks print secrets such as Key/Trust store passwords to their respective logs.

https://github.com/confluentinc/kafka/blob/trunk/connect/runtime/src/main/java/org/apache/kafka/connect/runtime/WorkerSinkTask.java#L213-L214

i.e.

[2016-11-01 12:50:59,254] DEBUG Initializing connector test-sink with config {consumer.ssl.truststore.password=password, connector.class=io.confluent.connect.jdbc.JdbcSinkConnector, connection.password=password, producer.security.protocol=SSL, producer.ssl.truststore.password=password, topics=orders, tasks.max=1, consumer.ssl.truststore.location=/tmp/truststore/kafka.trustore.jks, producer.ssl.truststore.location=/tmp/truststore/kafka.trustore.jks, connection.user=connect, name=test-sink, auto.create=true, consumer.security.protocol=SSL, connection.url=jdbc:postgresql://localhost/test} (org.apache.kafka.connect.runtime.WorkerConnector:71)





--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
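
One way to keep values like those in the log line above out of DEBUG output is to log a masked copy of the config map. This is an added example, not part of the original report and not Kafka's own code; the class name ConfigRedactor, the key-name heuristic, and the sample config (including the password parameter in the URL) are assumptions made for illustration.

```java
import java.util.Locale;
import java.util.Map;
import java.util.TreeMap;
import java.util.regex.Pattern;

/** Hypothetical helper (not Kafka code): masks secret-looking config values before logging. */
public final class ConfigRedactor {
    static final String MASK = "[hidden]";
    // Assumption: a key names a secret if its last dotted segment contains one of these words.
    private static final Pattern SECRET_KEY =
            Pattern.compile("(password|passwd|secret|token|credential)");
    // Credentials embedded inside a value, e.g. a JDBC URL with ?user=x&password=y
    private static final Pattern INLINE_SECRET =
            Pattern.compile("(?i)((?:password|passwd|secret|token)=)[^&;\\s]+");

    static boolean isSecretKey(String key) {
        String last = key.substring(key.lastIndexOf('.') + 1).toLowerCase(Locale.ROOT);
        return SECRET_KEY.matcher(last).find();
    }

    /** Returns a sorted copy that is safe to log; the input map is left untouched. */
    static Map<String, String> redact(Map<String, String> config) {
        Map<String, String> safe = new TreeMap<>();
        for (Map.Entry<String, String> e : config.entrySet()) {
            String value = e.getValue();
            if (value != null) {
                value = isSecretKey(e.getKey())
                        ? MASK
                        : INLINE_SECRET.matcher(value).replaceAll("$1" + MASK);
            }
            safe.put(e.getKey(), value);
        }
        return safe;
    }

    public static void main(String[] args) {
        // Constructed sample, modelled on the config in the log line above.
        Map<String, String> config = Map.of(
                "name", "test-sink",
                "topics", "orders",
                "consumer.ssl.truststore.password", "password",
                "connection.password", "password",
                "connection.user", "connect",
                "connection.url", "jdbc:postgresql://localhost/test?ssl=true&password=password");
        System.out.println("Initializing connector with config " + redact(config));
    }
}
```

Matching on key names is a heuristic: a secret stored under a key that does not look like one still reaches the log, so existing log files should also be checked for values that were already written.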