[jira] [Commented] (KAFKA-4364) Sink tasks expose secrets in DEBUG logging

Tue, 08 Nov 2016 15:40:12 -0800 

    [ 
https://issues.apache.org/jira/browse/KAFKA-4364?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15649203#comment-15649203
 ] 

ASF GitHub Bot commented on KAFKA-4364:
---------------------------------------

GitHub user rnpridgeon opened a pull request:

    https://github.com/apache/kafka/pull/2115

    KAFKA-4364: Remove secrets from DEBUG logging

    leverage fix from KAFKA-2690 to remove secrets from task logging 

You can merge this pull request into a Git repository by running:

    $ git pull https://github.com/rnpridgeon/kafka KAFKA-4364

Alternatively you can review and apply these changes as the patch at:

    https://github.com/apache/kafka/pull/2115.patch

To close this pull request, make a commit to your master/trunk branch
with (at least) the following in the commit message:

    This closes #2115
    
----
commit fe1f1f2cca6cd1b3255ef89eac2d6062a17e7079
Author: rnpridgeon <ryan.n.pridg...@gmail.com>
Date:   2016-11-08T23:35:09Z

    KAFKA-4364: Remove secrets from DEBUG logging

----


> Sink tasks expose secrets in DEBUG logging
> ------------------------------------------
>
>                 Key: KAFKA-4364
>                 URL: https://issues.apache.org/jira/browse/KAFKA-4364
>             Project: Kafka
>          Issue Type: Bug
>          Components: KafkaConnect
>            Reporter: Ryan P
>            Assignee: Ryan P
>
> As it stands today worker tasks print secrets such as Key/Trust store 
> passwords to their respective logs. 
> https://github.com/confluentinc/kafka/blob/trunk/connect/runtime/src/main/java/org/apache/kafka/connect/runtime/WorkerSinkTask.java#L213-L214
> i.e.
> [2016-11-01 12:50:59,254] DEBUG Initializing connector test-sink with config 
> {consumer.ssl.truststore.password=password, 
> connector.class=io.confluent.connect.jdbc.JdbcSinkConnector, 
> connection.password=password, producer.security.protocol=SSL, 
> producer.ssl.truststore.password=password, topics=orders, tasks.max=1, 
> consumer.ssl.truststore.location=/tmp/truststore/kafka.trustore.jks, 
> producer.ssl.truststore.location=/tmp/truststore/kafka.trustore.jks, 
> connection.user=connect, name=test-sink, auto.create=true, 
> consumer.security.protocol=SSL, 
> connection.url=jdbc:postgresql://localhost/test} 
> (org.apache.kafka.connect.runtime.WorkerConnector:71)



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Reply via email to