[
https://issues.apache.org/jira/browse/BEAM-6292?focusedWorklogId=178326&page=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-178326
]
ASF GitHub Bot logged work on BEAM-6292:
----------------------------------------
Author: ASF GitHub Bot
Created on: 23/Dec/18 12:50
Start Date: 23/Dec/18 12:50
Worklog Time Spent: 10m
Work Description: mblmat commented on pull request #7348: [BEAM-6292]
PasswordDecrypter: Delay decryption / Avoid serialization
URL: https://github.com/apache/beam/pull/7348
Currently, the password is decrypted before the serialization of the
pipeline and this causes the raw version to be visible to everyone on the
staging location.
To avoid this, we delayed the decryption of the password when connecting to
the cluster, which ensures that the raw password is never serialized in the
pipeline.
n.b. In our case, we use Google KMS to decrypt Cassandra's password
------------------------
Post-Commit Tests Status (on master branch)
------------------------------------------------------------------------------------------------
Lang | SDK | Apex | Dataflow | Flink | Gearpump | Samza | Spark
--- | --- | --- | --- | --- | --- | --- | ---
Go | [](https://builds.apache.org/job/beam_PostCommit_Go/lastCompletedBuild/)
| --- | --- | --- | --- | --- | ---
Java | [](https://builds.apache.org/job/beam_PostCommit_Java/lastCompletedBuild/)
| [](https://builds.apache.org/job/beam_PostCommit_Java_ValidatesRunner_Apex/lastCompletedBuild/)
| [](https://builds.apache.org/job/beam_PostCommit_Java_ValidatesRunner_Dataflow/lastCompletedBuild/)
| [](https://builds.apache.org/job/beam_PostCommit_Java_ValidatesRunner_Flink/lastCompletedBuild/)
[](https://builds.apache.org/job/beam_PostCommit_Java_PVR_Flink/lastCompletedBuild/)
| [](https://builds.apache.org/job/beam_PostCommit_Java_ValidatesRunner_Gearpump/lastCompletedBuild/)
| [](https://builds.apache.org/job/beam_PostCommit_Java_ValidatesRunner_Samza/lastCompletedBuild/)
| [](https://builds.apache.org/job/beam_PostCommit_Java_ValidatesRunner_Spark/lastCompletedBuild/)
Python | [](https://builds.apache.org/job/beam_PostCommit_Python_Verify/lastCompletedBuild/)
| --- | [](https://builds.apache.org/job/beam_PostCommit_Py_VR_Dataflow/lastCompletedBuild/)
</br> [](https://builds.apache.org/job/beam_PostCommit_Py_ValCont/lastCompletedBuild/)
| [](https://builds.apache.org/job/beam_PostCommit_Python_VR_Flink/lastCompletedBuild/)
| --- | --- | ---
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
[email protected]
Issue Time Tracking
-------------------
Worklog Id: (was: 178326)
Time Spent: 1h 10m (was: 1h)
> PasswordDecrypter: Delay decryption / Avoid serialization
> ---------------------------------------------------------
>
> Key: BEAM-6292
> URL: https://issues.apache.org/jira/browse/BEAM-6292
> Project: Beam
> Issue Type: Improvement
> Components: io-java-cassandra
> Reporter: Mathieu Blanchard
> Assignee: Jean-Baptiste Onofré
> Priority: Minor
> Time Spent: 1h 10m
> Remaining Estimate: 0h
>
> Currently, the password is decrypted before the serialization of the pipeline
> and this causes the raw version to be visible to everyone on the staging
> location.
> To avoid this, we delayed the decryption of the password when connecting to
> the cluster, which ensures that the raw password is never serialized in the
> pipeline.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
