Github user vanzin commented on the issue: https://github.com/apache/spark/pull/23174 > if the secret would be listed under the environment variables in the Spark UI Secrets are redacted in the UI and event logs. We already use env variables in other contexts (e.g. standalone with auth enabled). Environment variables don't leak unless you leak them. If you do, it's a security problem in your code, since the env is generally considered "sensitive information". They're not written to disk, unlike files, which some people have problems with (really paranoid orgs don't want sensitive information in unencrypted files on disk). This could be stashed in a k8s secret, but then how does the client mode driver get it? More user configuration? That's exactly what this is trying to avoid.
--- --------------------------------------------------------------------- To unsubscribe, e-mail: reviews-unsubscr...@spark.apache.org For additional commands, e-mail: reviews-h...@spark.apache.org