During server/client startup, we are logging all the supplied configs. Maybe
we can just mask
the password-related config values for both valid/invalid configs.

On Wed, Aug 17, 2016 at 5:14 PM, Jaikiran Pai <jai.forums2...@gmail.com>
wrote:

> Any opinion about this proposed change?
>
> -Jaikiran
>
> On Tuesday 16 August 2016 02:28 PM, Jaikiran Pai wrote:
>
>> We are using 0.9.0.1 of Kafka (Java) libraries for our Kafka consumers
>> and producers. In one of our consumers, our consumer config had a SSL
>> specific property which ended up being used against a non-SSL Kafka broker
>> port. As a result, the logs ended up seeing messages like:
>>
>> 17:53:33,722  WARN [o.a.k.c.c.ConsumerConfig] - The configuration
>> *ssl.truststore.password = foobar* was supplied but isn't a known config.
>>
>> The log message is fine and makes sense, but can Kafka please not log the
>> values of the properties and instead just include the config name which it
>> considers as unknown? That way it won't end up logging these potentially
>> sensitive values. I understand that only those with access to these log
>> files can end up seeing these values but even then some of our internal
>> processes forbid logging such sensitive information to the logs. This log
>> message will still end up being useful if only the config name is logged
>> without the value.
>>
>> Can I add this as a JIRA and provide a patch?
>>
>> -Jaikiran
>>
>
>
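
An added example (not part of the thread and not Kafka's own code): a stand-alone Java sketch of the two suggestions above, masking password-like values for recognised configs and logging only the name of an unrecognised one. The `KNOWN` set, the `[hidden]` mask, the name-based `isSensitive` check and the sample values are assumptions made for illustration.

```java
import java.util.ArrayList;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Locale;
import java.util.Map;
import java.util.Set;

public class ConfigLogMasking {
    // Hypothetical: config names this client recognises (small subset for the demo).
    static final Set<String> KNOWN =
            Set.of("bootstrap.servers", "group.id", "ssl.keystore.password");
    static final String MASK = "[hidden]";

    // Name-based heuristic (an assumption of this sketch); it can miss
    // secrets stored under names that do not contain these words.
    static boolean isSensitive(String name) {
        String n = name.toLowerCase(Locale.ROOT);
        return n.contains("password") || n.contains("secret");
    }

    // Builds the startup log lines for the supplied configuration.
    static List<String> startupLog(Map<String, String> supplied) {
        List<String> lines = new ArrayList<>();
        for (Map.Entry<String, String> e : supplied.entrySet()) {
            String name = e.getKey();
            if (KNOWN.contains(name)) {
                // Recognised key: keep the value unless the name looks sensitive.
                String shown = isSensitive(name) ? MASK : e.getValue();
                lines.add("INFO  " + name + " = " + shown);
            } else {
                // Unrecognised key: the heuristic may not apply, so the value
                // is never written; the name alone identifies the problem.
                lines.add("WARN  The configuration '" + name
                        + "' was supplied but isn't a known config.");
            }
        }
        return lines;
    }

    public static void main(String[] args) {
        Map<String, String> supplied = new LinkedHashMap<>(); // constructed sample input
        supplied.put("bootstrap.servers", "broker.example:9092");
        supplied.put("ssl.keystore.password", "constructed-secret");
        supplied.put("ssl.truststore.password", "foobar"); // the unknown key from the report
        startupLog(supplied).forEach(System.out::println);
    }
}
```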
