tasks-config endpoint exposes externalized secret values

Yash Mayya (Jira) Fri, 18 Aug 2023 00:09:03 -0700


     [ 
https://issues.apache.org/jira/browse/KAFKA-15377?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]


Yash Mayya updated KAFKA-15377:
-------------------------------
    Description: The {{GET /connectors/\{connector}/tasks-config}} endpoint 
added in 
[https://cwiki.apache.org/confluence/display/KAFKA/KIP-661%3A+Expose+task+configurations+in+Connect+REST+API]
 exposes externalized secret values in task configurations (see 
[https://cwiki.apache.org/confluence/display/KAFKA/KIP-297%3A+Externalizing+Secrets+for+Connect+Configurations)].
 A similar bug was fixed in https://issues.apache.org/jira/browse/KAFKA-5117 / 
[https://github.com/apache/kafka/pull/6129] for the {{GET 
/connectors/\{connector}/tasks}} endpoint. The config provider placeholder 
should be used instead of the resolved config value.  (was: The \{{GET 
/connectors/{connector}/tasks-config}} endpoint added in 
[https://cwiki.apache.org/confluence/display/KAFKA/KIP-661%3A+Expose+task+configurations+in+Connect+REST+API]
 exposes externalized secret values in task configurations (see 
[https://cwiki.apache.org/confluence/display/KAFKA/KIP-297%3A+Externalizing+Secrets+for+Connect+Configurations)].
 A similar bug was fixed in https://issues.apache.org/jira/browse/KAFKA-5117 / 
[https://github.com/apache/kafka/pull/6129] for the \{{GET 
/connectors/{connector}/tasks}} endpoint. The config provider placeholder 
should be used instead of the resolved config value.)

> GET /connectors/{connector}/tasks-config endpoint exposes externalized secret 
> values
> ------------------------------------------------------------------------------------
>
>                 Key: KAFKA-15377
>                 URL: https://issues.apache.org/jira/browse/KAFKA-15377
>             Project: Kafka
>          Issue Type: Bug
>          Components: KafkaConnect
>            Reporter: Yash Mayya
>            Assignee: Yash Mayya
>            Priority: Major
>
> The {{GET /connectors/\{connector}/tasks-config}} endpoint added in 
> [https://cwiki.apache.org/confluence/display/KAFKA/KIP-661%3A+Expose+task+configurations+in+Connect+REST+API]
>  exposes externalized secret values in task configurations (see 
> [https://cwiki.apache.org/confluence/display/KAFKA/KIP-297%3A+Externalizing+Secrets+for+Connect+Configurations)].
>  A similar bug was fixed in https://issues.apache.org/jira/browse/KAFKA-5117 
> / [https://github.com/apache/kafka/pull/6129] for the {{GET 
> /connectors/\{connector}/tasks}} endpoint. The config provider placeholder 
> should be used instead of the resolved config value.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Updated] (KAFKA-15377) GET /connectors/{connector}/tasks-config endpoint exposes externalized secret values

Reply via email to