Github user rvesse commented on the issue:
https://github.com/apache/spark/pull/20167
@felixcheung Well currently you are required to provide them in clear text
either via `--conf` arguments or in your `spark-defaults.conf` which was
unacceptable to our security conscious users. The former is trivially
accessible via `ps` output and the latter tends to be a world readable file so
both methods are insecure.
Providing some indirection by only having to provide Spark with a path to
the file that contains the secrets is an improvement. As noted in my
description if these files are properly protected this prevents other users
from discovering/exposing those secrets via `ps`, `history` or other means.
---
---------------------------------------------------------------------
To unsubscribe, e-mail: reviews-unsubscr...@spark.apache.org
For additional commands, e-mail: reviews-h...@spark.apache.org
