justinmclean opened a new issue, #10223: URL: https://github.com/apache/gravitino/issues/10223
### What would you like to be improved? SparkProcessBuilder.start() logs the full environment map (sparkJobTemplate.environments()) at INFO. In production defaults, Spark jobs can run via the default local executor, and INFO logging is enabled in chart defaults. If users pass secrets (tokens/passwords/keys) through job environment variables, those secrets are written to server logs in plaintext. ### How should we improve? Change logging in SparkProcessBuilder.start() to avoid printing raw environment values. For example, log only environment variable names, or log a redacted map where sensitive values are masked (or mask all values). Keep command logging, but ensure no secret-bearing environment values are emitted at INFO. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
