If you change the name of your configuration key ti include "secret" or
"password" it should be hidden from the logs and UI.
On 09.08.2018 04:28, vino yang wrote:
Hi Matt,
Flink is currently enhancing its security, such as the current data
transmission can be configured with SSL mode[1].
However, some problems involving configuration and web ui display do
exist, and they are still displayed in plain text.
I think a temporary way to do this is to keep your secret
configuration in encrypted form elsewhere, such as Zookeeper or RDBMS,
and then dynamically read it into the job in a UDF (in the open method).
https://ci.apache.org/projects/flink/flink-docs-release-1.5/ops/security-ssl.html
Thanks, vino.
Matt Moore <m...@mattdoescode.com <mailto:m...@mattdoescode.com>>
于2018年8月9日周四 上午1:54写道:
I'm wondering what the best practice is for using secrets in a
Flink program, and I can't find any info in the docs or posted
anywhere else.
I need to store an access token to one of my APIs for flink to use
to dump results into, and right now I'm passing it through as a
configuration parameter, but that doesn't seem like the most
secure thing to do and the value shows up in the Flink Dashboard
under Configuration which is less than ideal.
Has anyone else dealt with a situation like this?
Thanks,