You are viewing a plain text version of this content. The canonical link for it is here.

Posted to jira@kafka.apache.org by "Chris Egerton (Jira)" <ji...@apache.org> on 2020/02/25 06:19:00 UTC

[jira] [Created] (KAFKA-9601) Workers log raw connector configs, including values

Chris Egerton created KAFKA-9601:
------------------------------------

             Summary: Workers log raw connector configs, including values
                 Key: KAFKA-9601
                 URL: https://issues.apache.org/jira/browse/KAFKA-9601
             Project: Kafka
          Issue Type: Bug
          Components: KafkaConnect
            Reporter: Chris Egerton
            Assignee: Chris Egerton


[This line right here|https://github.com/apache/kafka/blob/5359b2e3bc1cf13a301f32490a6630802afc4974/connect/runtime/src/main/java/org/apache/kafka/connect/runtime/WorkerConnector.java#L78] logs all configs (key and value) for a connector, which is bad, since it can lead to secrets (db credentials, cloud storage credentials, etc.) being logged in plaintext.

We can remove this line. Or change it to just log config keys. Or try to do some super-fancy parsing that masks sensitive values. Well, hopefully not that. That sounds like a lot of work.

Affects all versions of Connect back through 0.10.1.

 



--
This message was sent by Atlassian Jira
(v8.3.4#803005)