You are viewing a plain text version of this content. The canonical link for it is here.
Posted to jira@kafka.apache.org by "Chris Egerton (Jira)" <ji...@apache.org> on 2020/02/25 06:19:00 UTC
[jira] [Created] (KAFKA-9601) Workers log raw connector configs,
including values
Chris Egerton created KAFKA-9601:
------------------------------------
Summary: Workers log raw connector configs, including values
Key: KAFKA-9601
URL: https://issues.apache.org/jira/browse/KAFKA-9601
Project: Kafka
Issue Type: Bug
Components: KafkaConnect
Reporter: Chris Egerton
Assignee: Chris Egerton
[This line right here|https://github.com/apache/kafka/blob/5359b2e3bc1cf13a301f32490a6630802afc4974/connect/runtime/src/main/java/org/apache/kafka/connect/runtime/WorkerConnector.java#L78] logs all configs (key and value) for a connector, which is bad, since it can lead to secrets (db credentials, cloud storage credentials, etc.) being logged in plaintext.
We can remove this line. Or change it to just log config keys. Or try to do some super-fancy parsing that masks sensitive values. Well, hopefully not that. That sounds like a lot of work.
Affects all versions of Connect back through 0.10.1.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)