Hey Zhitao,

I sadly have to tell you that the first assumption is not correct. If you use 
environment-based secrets, docker and verbose mode, they will get printed (see 
this patch https://reviews.apache.org/r/57846/). The reason is that the docker 
command will get logged and it might contain your secrets. You may end up with 
some logging line like:

```
I0129 14:09:22.444318 docker.cpp:1139] Running docker -H 
unix:///var/run/docker.suck run --cpu-shares 25 
--memory 278435456 -e ADMIN_PASSWORD=test_password …
```

> On 19. Apr 2018, at 19:57, Zhitao Li <[email protected]> wrote:
> 
> Hello,
> 
> We at Uber plan to use the volume/secret isolator to send secrets from the Uber 
> framework to the Mesos agent.
> 
> For this purpose, we are referring to these documents:
> - File based secrets design doc 
>   <https://docs.google.com/document/d/18raiiUfxTh-JBvjd6RyHe_TOScY87G_bMi5zBzMZmpc/edit#> 
>   and slides 
>   <http://schd.ws/hosted_files/mesosconasia2017/70/Secrets%20Management%20in%20Mesos.pdf>
> - Apache Mesos secrets documentation 
>   <http://mesos.apache.org/documentation/latest/secrets/>
> 
> Could you please confirm that the following assumptions are correct?
> 1. Mesos agent and master will never log the secret data at any logging level;
> 2. Mesos agent and master will never expose the secret data as part of any API 
>    response;
> 3. Mesos agent and master will never store the secret in any persistent 
>    storage, but only on tmpfs or ramfs;
> 4. When the secret is first downloaded on the Mesos agent, it will be stored as 
>    "root" on the tmpfs/ramfs before being mounted in the container ramfs.
> 
> If the above assumptions are true, then I would like to see them documented as 
> part of the Apache Mesos secrets documentation 
> <http://mesos.apache.org/documentation/latest/secrets/>. Otherwise, we'd like 
> to have a design discussion with the maintainer of the isolator.
> 
> We appreciate your help regarding this. Thanks!
> 
> Regards,
> Aditya And Zhitao

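To make the leak in the reply concrete, here is an added example (my own Python, not code from Mesos or from the linked patch) that scans agent log lines for a logged `docker run` command carrying `-e`/`--env NAME=VALUE` arguments and rewrites those lines with the values masked. The sample log lines are constructed for the example, modelled on the line quoted above; the socket path, container flags, environment names and values, and the `REDACTED` marker are all assumptions, not anything observed on a real agent. It also covers the `--env=NAME=VALUE` spelling and a bare `-e NAME` (no value logged), which the quoted line does not show.

```python
"""Added example: find and mask -e/--env values in logged docker commands.

Not part of the Mesos thread or the linked patch. Everything below is an
assumption made for illustration: the log lines, the socket path, the
environment names and values, and the REDACTED marker.
"""
import re
import shlex

# Constructed agent log excerpt (not real output). Line 1 mirrors the shape of
# the line quoted in the reply; lines 2 and 3 add an --env form and a line
# that logs no docker command at all.
SAMPLE_LOG = """\
I0129 14:09:22.444318 docker.cpp:1139] Running docker -H unix:///var/run/docker.suck run --cpu-shares 25 --memory 278435456 -e ADMIN_PASSWORD=test_password -e DB_URL=postgres://u:pw@db/app alpine sleep 30
I0129 14:09:23.000001 docker.cpp:1139] Running docker -H unix:///var/run/docker.suck run --cpu-shares 25 --env LOG_LEVEL=debug alpine true
I0129 14:09:24.000002 slave.cpp:5000] Launching task foo of framework bar
"""

ENV_FLAGS = ("-e", "--env")   # docker flags that carry NAME=VALUE pairs
REDACTED = "REDACTED"         # assumed marker; chosen so shlex.join needs no quoting
LOG_RE = re.compile(r"Running (docker .*)$")  # the logged command follows "Running "


def docker_env_values(cmd):
    """Return [(name, value)] for every -e/--env NAME=VALUE in a docker argv string.

    A bare "-e NAME" (value taken from the agent's own environment) is skipped
    because no value appears on the logged command line.
    """
    tokens = shlex.split(cmd)
    found = []
    i = 0
    while i < len(tokens):
        tok = tokens[i]
        kv = None
        if tok in ENV_FLAGS and i + 1 < len(tokens):
            kv = tokens[i + 1]
            i += 1
        elif tok.startswith("--env="):
            kv = tok[len("--env="):]
        if kv is not None and "=" in kv:
            name, value = kv.split("=", 1)
            found.append((name, value))
        i += 1
    return found


def redact_docker_cmd(cmd):
    """Rewrite the argv string so every -e/--env value becomes REDACTED."""
    tokens = shlex.split(cmd)
    out = []
    i = 0
    while i < len(tokens):
        tok = tokens[i]
        if tok in ENV_FLAGS and i + 1 < len(tokens) and "=" in tokens[i + 1]:
            name = tokens[i + 1].split("=", 1)[0]
            out.extend([tok, f"{name}={REDACTED}"])
            i += 2
            continue
        if tok.startswith("--env=") and "=" in tok[len("--env="):]:
            name = tok[len("--env="):].split("=", 1)[0]
            out.append(f"--env={name}={REDACTED}")
            i += 1
            continue
        out.append(tok)
        i += 1
    return shlex.join(out)


def scan_agent_log(text):
    """Return [(line_number, [env names])] for lines that log a docker command
    with -e/--env values, i.e. lines where environment-passed data was written
    to the agent log regardless of whether it is secret."""
    hits = []
    for n, line in enumerate(text.splitlines(), 1):
        m = LOG_RE.search(line)
        if not m:
            continue
        names = [name for name, _ in docker_env_values(m.group(1))]
        if names:
            hits.append((n, names))
    return hits


def redact_agent_log(text):
    """Return the log text with every logged docker command's env values masked."""
    def fix(m):
        return "Running " + redact_docker_cmd(m.group(1))
    return "\n".join(LOG_RE.sub(fix, line) for line in text.splitlines())


if __name__ == "__main__":
    for n, names in scan_agent_log(SAMPLE_LOG):
        print(f"line {n}: env values logged for {', '.join(names)}")
    print(redact_agent_log(SAMPLE_LOG))
```

Note that the scan flags every `-e`/`--env` value, not only ones whose name looks secret: once a value is on the command line, verbose logging writes it to disk, and whether it was a secret is not something the log format tells you. If you must run environment-based secrets with verbose docker logging, a redaction pass like `redact_agent_log` on the way into your log pipeline is a stopgap; the linked patch addresses the logging itself.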