[ 
https://issues.apache.org/jira/browse/FLINK-30306?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17643479#comment-17643479
 ] 

Gyula Fora commented on FLINK-30306:
------------------------------------

Why would the spec contain injected sensitive info? Wouldn’t those be generally 
injected at runtime to the Flink jobs instead? Also, if the person has access to 
the operator logs, then they probably have access to the FlinkDeployment CRs too, right?

> Audit utils can expose potentially sensitive information
> --------------------------------------------------------
>
>                 Key: FLINK-30306
>                 URL: https://issues.apache.org/jira/browse/FLINK-30306
>             Project: Flink
>          Issue Type: Bug
>          Components: Kubernetes Operator
>    Affects Versions: kubernetes-operator-1.2.0
>            Reporter: Alexis Sarda-Espinosa
>            Priority: Major
>
> I see events being logged by 
> {{org.apache.flink.kubernetes.operator.listener.AuditUtils}} along the lines 
> of ">>> Event  | Info    | SPECCHANGED     | UPGRADE change(s) detected". 
> This logs the entire new spec, which can contain sensitive information that 
> has been injected from a Kubernetes secret.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)
