litiliu opened a new issue, #3485: URL: https://github.com/apache/fluss/issues/3485
### Search before asking - [x] I searched in the [issues](https://github.com/apache/fluss/issues) and found nothing similar. ### Fluss version main branch ### Please describe the bug `GlobalConfiguration` logs every loaded configuration property during startup. This can leak credentials when sensitive configuration values are provided as plain strings. For example, when an S3 access key is configured: ```yaml fs.s3a.access.key: <access-key> ``` the startup log currently includes the raw credential value: ```text Loading configuration property: fs.s3a.access.key=<access-key> ``` This is a security issue because credentials can be exposed to log aggregation systems and users who only have log access. The current masking logic only hides values that are already represented as `Password` objects. However, configuration loaded from YAML is added through `setString`, so arbitrary sensitive keys such as `fs.s3a.access.key` are logged as plain strings. ### Expected behavior Sensitive configuration values should be redacted when configuration properties are logged. The redacted value should always be the fixed string: ```text ****** ``` For example: ```text Loading configuration property: fs.s3a.access.key=****** ``` The matching should be case-insensitive. At minimum, `fs.s3a.access.key` and keys containing or matching the following sensitive patterns should be redacted, following Flink's sensitive key handling: - `password` - `secret` - `fs.azure.account.key` - `apikey` - `api-key` - `auth-params` - `service-key` - `token` - `basic-auth` - `jaas.config` - `http-headers` ### Possible solution Add a centralized helper for detecting sensitive configuration keys and use it in `GlobalConfiguration.logConfiguration`. The existing `Password.HIDDEN_CONTENT` constant already uses the desired fixed redaction value (`******`) and can be reused. ### Are you willing to submit a PR? - [x] I'm willing to submit a PR! -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
