[
https://issues.apache.org/jira/browse/KAFKA-9601?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17044147#comment-17044147
]
ASF GitHub Bot commented on KAFKA-9601:
---------------------------------------
C0urante commented on pull request #8165: KAFKA-9601: Stop logging raw
connector config values
URL: https://github.com/apache/kafka/pull/8165
[Jira](https://issues.apache.org/jira/browse/KAFKA-9601)
whoopsie daisy
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
[email protected]
> Workers log raw connector configs, including values
> ---------------------------------------------------
>
> Key: KAFKA-9601
> URL: https://issues.apache.org/jira/browse/KAFKA-9601
> Project: Kafka
> Issue Type: Bug
> Components: KafkaConnect
> Reporter: Chris Egerton
> Assignee: Chris Egerton
> Priority: Critical
>
> [This line right
> here|https://github.com/apache/kafka/blob/5359b2e3bc1cf13a301f32490a6630802afc4974/connect/runtime/src/main/java/org/apache/kafka/connect/runtime/WorkerConnector.java#L78]
> logs all configs (key and value) for a connector, which is bad, since it can
> lead to secrets (db credentials, cloud storage credentials, etc.) being
> logged in plaintext.
> We can remove this line. Or change it to just log config keys. Or try to do
> some super-fancy parsing that masks sensitive values. Well, hopefully not
> that. That sounds like a lot of work.
> Affects all versions of Connect back through 0.10.1.
>
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
