[ https://issues.apache.org/jira/browse/SAMZA-589?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14363594#comment-14363594 ]
Chris Riccomini commented on SAMZA-589:
---------------------------------------

This looks good. Few points:

# Could you update the {{./docs/learn/documentation/versioned/jobs/configuration.md}} file with docs on this?
# Could you attach the diff to this JIRA? The attachment is apparently what grants Apache license to your patch. :)
# We should be explicit in the docs that "sensitive" doesn't encrypt anything, it just prevents configs from being displayed in the UI.
# I wasn't able to run the tests yet because of SAMZA-602, so I haven't verified everything. If you run {{bin/check-all.sh}}, it should work.

> Need a way to flag sensitive information in Config
> --------------------------------------------------
>
>                 Key: SAMZA-589
>                 URL: https://issues.apache.org/jira/browse/SAMZA-589
>             Project: Samza
>          Issue Type: Bug
>          Components: container
>   Affects Versions: 0.8.0
>            Reporter: Tommy Becker
>             Fix For: 0.10.0
>
>
> Currently, the full contents of a job's Config is exposed in at least a
> couple of places including the logs (logged by SamzaContainer), and the
> ApplicationMaster UI's config page. There is a security concern with doing
> that if sensitive information (e.g. credentials) is stored there. It would
> be nice to be able to mark sensitive config values so that they are not
> displayed in such ways. The only thing that springs to mind is a special
> naming convention, perhaps a "sensitive" prefix that would identify these
> values. Ideally such a capability would be baked into Config itself, but
> minimally Samza code that exposes Config could be made aware of the
> convention to avoid displaying the plaintext of sensitive values.
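
The naming convention discussed above, as an added example that is not part of the original message and is not Samza's own code. The class name, the exact prefix string "sensitive.", the mask text and the sample keys and values are assumptions made for illustration.

```java
import java.util.LinkedHashMap;
import java.util.Map;

public class SensitiveConfigDemo {
    // Assumed convention: keys starting with this prefix hold secrets.
    static final String SENSITIVE_PREFIX = "sensitive.";
    // Fixed-length mask, so the rendered value does not reveal the secret's length.
    static final String MASK = "********";

    /** Returns a copy that is safe for logs and UI pages; the input map is not modified. */
    static Map<String, String> sanitize(Map<String, String> config) {
        Map<String, String> safe = new LinkedHashMap<>();
        for (Map.Entry<String, String> e : config.entrySet()) {
            boolean sensitive = e.getKey().startsWith(SENSITIVE_PREFIX);
            safe.put(e.getKey(), sensitive ? MASK : e.getValue());
        }
        return safe;
    }

    public static void main(String[] args) {
        // Constructed sample config, not taken from a real job.
        Map<String, String> config = new LinkedHashMap<>();
        config.put("job.name", "example-job");
        config.put("sensitive.db.password", "s3cr3t-example");
        // A secret stored without the prefix is not covered by the convention.
        config.put("db.password", "not-flagged-example");

        // What a log line or config page should render.
        System.out.println("display: " + sanitize(config));
        // The job still reads the plaintext: masking is display-only, not encryption.
        System.out.println("runtime: " + config.get("sensitive.db.password"));
    }
}
```

The unprefixed "db.password" entry is printed in full, which shows that the convention only protects values whose keys were actually flagged, and only at the places that call the sanitizing step.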