[
https://issues.apache.org/jira/browse/KAFKA-9601?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17045939#comment-17045939
]
ASF GitHub Bot commented on KAFKA-9601:
---------------------------------------
rhauch commented on pull request #8165: KAFKA-9601: Stop logging raw connector
config values
URL: https://github.com/apache/kafka/pull/8165
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
[email protected]
> Workers log raw connector configs, including values
> ---------------------------------------------------
>
> Key: KAFKA-9601
> URL: https://issues.apache.org/jira/browse/KAFKA-9601
> Project: Kafka
> Issue Type: Bug
> Components: KafkaConnect
> Reporter: Chris Egerton
> Assignee: Chris Egerton
> Priority: Critical
>
> [This line right
> here|https://github.com/apache/kafka/blob/5359b2e3bc1cf13a301f32490a6630802afc4974/connect/runtime/src/main/java/org/apache/kafka/connect/runtime/WorkerConnector.java#L78]
> logs all configs (key and value) for a connector, which is bad, since it can
> lead to secrets (db credentials, cloud storage credentials, etc.) being
> logged in plaintext.
> We can remove this line. Or change it to just log config keys. Or try to do
> some super-fancy parsing that masks sensitive values. Well, hopefully not
> that. That sounds like a lot of work.
> Affects all versions of Connect back through 0.10.1.
>
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
