[
https://issues.apache.org/jira/browse/FLINK-36456?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=18083237#comment-18083237
]
Thierno BARRY commented on FLINK-36456:
---------------------------------------
Same ask as FLINK-33994 (older ticket, correct component). Consolidating
discussion there and on the dev@ thread linked above. PR #27432 remains the
active implementation.
> Improve Security in DatadogHttpReporterFactory by providing ENV alternative
> to retrieve API key
> -----------------------------------------------------------------------------------------------
>
> Key: FLINK-36456
> URL: https://issues.apache.org/jira/browse/FLINK-36456
> Project: Flink
> Issue Type: Improvement
> Components: Runtime / Configuration
> Reporter: Raul Garcia
> Priority: Minor
> Labels: pull-request-available
>
> The current implementation of the {{DatadogHttpReporterFactory}} class
> retrieves the Datadog API key from the Flink configuration. In Kubernetes
> environments, this typically means storing the API key in ConfigMaps, which
> can expose sensitive information in plain text. Since ConfigMaps are not
> designed to hold secrets, this approach poses potential security risks.
> My proposal is to fallback to {{DD_API_KEY}} which is the standard way of
> passing the API key to containers and it's usually available in the
> environment.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
