[ https://issues.apache.org/jira/browse/KAFKA-4056?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15426521#comment-15426521 ]
Mickael Maison commented on KAFKA-4056:
---------------------------------------

Using trunk, I don't see known but unused configurations (like ssl.truststore.password) being logged. Only unknown configurations are listed. I think the easiest is probably to only log the unknown config key and not the value. Like this:

17:53:33,722 WARN [o.a.k.c.c.ConsumerConfig] - The configuration ssl.truststore.password was supplied but isn't a known config.

> Kafka logs values of sensitive configs like passwords
> -----------------------------------------------------
>
>                 Key: KAFKA-4056
>                 URL: https://issues.apache.org/jira/browse/KAFKA-4056
>             Project: Kafka
>          Issue Type: Bug
>    Affects Versions: 0.9.0.1
>            Reporter: jaikiran pai
>            Assignee: Mickael Maison
>
> From the mail discussion here:
> https://www.mail-archive.com/dev@kafka.apache.org/msg55012.html
> {quote}
> We are using 0.9.0.1 of Kafka (Java) libraries for our Kafka consumers and
> producers. In one of our consumers, our consumer config had a SSL specific
> property which ended up being used against a non-SSL Kafka broker port. As a
> result, the logs ended up seeing messages like:
>
> 17:53:33,722 WARN [o.a.k.c.c.ConsumerConfig] - The configuration
> *ssl.truststore.password = foobar* was supplied but isn't a known config.
>
> The log message is fine and makes sense, but can Kafka please not log the
> values of the properties and instead just include the config name which it
> considers as unknown? That way it won't end up logging these potentially
> sensitive values. I understand that only those with access to these log files
> can end up seeing these values but even then some of our internal processes
> forbid logging such sensitive information to the logs. This log message will
> still end up being useful if only the config name is logged without the
> value.
> {quote}
>
> Apparently (as noted in that thread), there's already code in the Kafka
> library which masks sensitive values like passwords, but it looks like
> there's a bug where it unintentionally logs these raw values.

--
This message was sent by Atlassian JIRA
(v6.3.4#6332)