You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@mesos.apache.org by "Subodh Pachghare (JIRA)" <ji...@apache.org> on 2017/05/31 19:09:04 UTC
[jira] [Commented] (MESOS-7292) Introduce a "sensitive mode" in
Mesos which prevents leaks of sensitive data.
[ https://issues.apache.org/jira/browse/MESOS-7292?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16031759#comment-16031759 ]
Subodh Pachghare commented on MESOS-7292:
-----------------------------------------
Just a few suggestions -
1. Implement a encryption logic for env variables. Something like Travis CI.
2. Vault integrations into Mesos.
3. A prefix SECRET_* obfuscation of details on logs.
Thanks,
Subodh Pachghare
> Introduce a "sensitive mode" in Mesos which prevents leaks of sensitive data.
> -----------------------------------------------------------------------------
>
> Key: MESOS-7292
> URL: https://issues.apache.org/jira/browse/MESOS-7292
> Project: Mesos
> Issue Type: Improvement
> Components: security
> Reporter: Alexander Rukletsov
> Labels: mesosphere, security
>
> Consider a following scenario. A user passes some sensitive data in an environment variable to a task. These data may be logged by Mesos components, e.g., executor as part of {{mesos-containerizer}} invocation. While this is useful for debugging, this might be an issue in some production environments.
> One of the solution is to have global "sensitive mode", that turns off logging of such sensitive data.
--
This message was sent by Atlassian JIRA
(v6.3.15#6346)