I have created FLINK-9111 <https://issues.apache.org/jira/browse/FLINK-9111> as
this is not handled in the latest code of GlobalConfiguration.
Regards,
Vinay Patil
On Thu, Mar 29, 2018 at 8:33 AM, Vinay Patil <vinay18.pa...@gmail.com>
wrote:
> Hi,
>
> If this is not part of Flink 1.5 or not handled in latest 1.4.2 release, I
> can open a JIRA. Should be a small change.
>
> What do you think ?
>
> Regards,
> Vinay Patil
>
> On Wed, Mar 28, 2018 at 4:11 PM, Vinay Patil <vinay18.pa...@gmail.com>
> wrote:
>
>> Hi Greg,
>>
>> I am not concerned with flink-conf.yaml file, we have taken care of the
>> passwords there by replacing them with placeholders. We are picking the
>> passwords from our vault.
>>
>> The main issue is that Flink is printing these passwords in plain text in
>> log file. It should be simple check to not print the ssl passwords .
>>
>> Regards,
>> Vinay Patil
>>
>> On Wed, Mar 28, 2018 at 3:53 PM, Greg Hogan <c...@greghogan.com> wrote:
>>
>>> With the current method you always have the risk, no matter which
>>> keywords you filter on ("secret", "password", etc.), that the key name is
>>> mistyped and inadvertently logged.
>>>
>>> Perhaps we could implement something like TravisCI's encryption keys [
>>> https://docs.travis-ci.com/user/encryption-keys/] at a cost of added
>>> complexity.
>>>
>>> On Wed, Mar 28, 2018 at 4:38 PM, Vinay Patil <vinay18.pa...@gmail.com>
>>> wrote:
>>>
>>>> Hi,
>>>>
>>>> I see plain text SSL passwords in log file (printed by
>>>> GlobalConfiguration) , because of which we cannot deploy our pipeline to NR
>>>> environment.
>>>>
>>>> I am able to avoid this by having ERROR log level for this class but
>>>> the security team still think it is a risk.
>>>>
>>>> Is this taken care in the new release ? (I am using Flink 1.3.2)
>>>>
>>>> Regards,
>>>> Vinay Patil
>>>>
>>>
>>>
>>
>
