Github user vanzin commented on a diff in the pull request:
https://github.com/apache/spark/pull/19631#discussion_r154218810
--- Diff: core/src/main/scala/org/apache/spark/SecurityManager.scala ---
@@ -542,7 +496,54 @@ private[spark] class SecurityManager(
* Gets the secret key.
* @return the secret key as a String if authentication is enabled,
otherwise returns null
*/
- def getSecretKey(): String = secretKey
+ def getSecretKey(): String = {
+ if (isAuthenticationEnabled) {
+ Option(sparkConf.getenv(ENV_AUTH_SECRET))
--- End diff --
I can add a different, internal config for this is re-using
`SPARK_AUTH_SECRET_CONF` is confusing. But I'm not too concerned about exposing
this to the user code running the application; they can just as easily get that
info from the UGI currently. Spark already redacts this kind of information
when writing it to things like the event log, which would be one place where it
might leak out.
---
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
