[jira] [Commented] (FLINK-30943) Hide sensitive command-line configurations

Martijn Visser (Jira) Tue, 07 Feb 2023 07:02:08 -0800


    [ 
https://issues.apache.org/jira/browse/FLINK-30943?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17685344#comment-17685344
 ]


Martijn Visser commented on FLINK-30943:
----------------------------------------

I would argue that providing sensitive data via the command line is insecure by 
default https://smallstep.com/blog/command-line-secrets/ - So I don't see an 
obvious reason for Flink to hide already exposed data

> Hide sensitive command-line configurations
> ------------------------------------------
>
>                 Key: FLINK-30943
>                 URL: https://issues.apache.org/jira/browse/FLINK-30943
>             Project: Flink
>          Issue Type: New Feature
>          Components: Command Line Client
>            Reporter: Bo Cui
>            Priority: Major
>              Labels: pull-request-available
>
> When a job is submitted from the command line, log prints jvm options and 
> application dynamic parameters. 
> now only dynamic parameters (`-Dxx=yy`) are masked, but the key-value 
> separation parameter (`--key value`) is not masked.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Commented] (FLINK-30943) Hide sensitive command-line configurations

Reply via email to