[https://issues.apache.org/jira/browse/KAFKA-4056?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15426538#comment-15426538]
jaikiran pai commented on KAFKA-4056:
-------------------------------------
[~mimaison], we ran into this on our system when we created a consumer and
passed consumer properties which included the ssl.truststore.password property and
a *non-SSL* port for the broker via the bootstrap.servers config property (it
pointed to localhost:9092 instead of an SSL port, and we had both plaintext and
SSL listeners enabled on the broker).
> Kafka logs values of sensitive configs like passwords
> -----------------------------------------------------
>
> Key: KAFKA-4056
> URL: https://issues.apache.org/jira/browse/KAFKA-4056
> Project: Kafka
> Issue Type: Bug
> Affects Versions: 0.9.0.1
> Reporter: jaikiran pai
> Assignee: Mickael Maison
>
> From the mail discussion here:
> https://www.mail-archive.com/[email protected]/msg55012.html
> {quote}
> We are using 0.9.0.1 of Kafka (Java) libraries for our Kafka consumers and
> producers. In one of our consumers, our consumer config had a SSL specific
> property which ended up being used against a non-SSL Kafka broker port. As a
> result, the logs ended up seeing messages like:
> 17:53:33,722 WARN [o.a.k.c.c.ConsumerConfig] - The configuration
> *ssl.truststore.password = foobar* was supplied but isn't a known config.
> The log message is fine and makes sense, but can Kafka please not log the
> values of the properties and instead just include the config name which it
> considers as unknown? That way it won't end up logging these potentially
> sensitive values. I understand that only those with access to these log files
> can end up seeing these values but even then some of our internal processes
> forbid logging such sensitive information to the logs. This log message will
> still end up being useful if only the config name is logged without the
> value.
> {quote}
> Apparently (as noted in that thread), there's already code in the Kafka
> library which masks sensitive values like passwords, but it looks like
> there's a bug where it unintentionally logs these raw values.
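The two halves of the issue, masking a sensitive value when warning about an unrecognised config key and checking existing logs for values that already slipped through, as an added example that is not Kafka's own code. The known-config set, the supplied properties and the sample log lines are constructed for the example (the first log line mirrors the one in the report); the function names and the name-based sensitive-key heuristic are the example's own assumptions, not Kafka's implementation.

```python
import re

# Constructed sample: a subset of keys a plaintext consumer understands and
# the properties the consumer was started with, two of which are SSL-only.
KNOWN_CONFIGS = {"bootstrap.servers", "group.id", "key.deserializer", "value.deserializer"}
SUPPLIED = {
    "bootstrap.servers": "localhost:9092",
    "group.id": "orders",
    "ssl.truststore.password": "foobar",          # constructed value
    "ssl.truststore.location": "/etc/kafka/truststore.jks",
}

# Name-based rule (assumption): any key whose name looks like a credential
# never has its value logged. Because it keys off the name rather than a
# registered config definition, it also covers keys the client does not know.
SENSITIVE_KEY_RE = re.compile(r"(password|passwd|secret|token|credential)", re.I)
MASK = "[hidden]"


def mask_value(key, value):
    """Return the value unchanged unless the key name looks sensitive."""
    return MASK if SENSITIVE_KEY_RE.search(key) else str(value)


def unknown_config_warnings(supplied, known):
    """Build the 'unknown config' warning for each supplied key the client
    does not recognise, masking the value whenever the key looks sensitive."""
    messages = []
    for key in sorted(supplied):
        if key not in known:
            messages.append(
                f"The configuration {key} = {mask_value(key, supplied[key])} "
                "was supplied but isn't a known config."
            )
    return messages


# Detection side: a sensitive-looking key followed by '=' and something that
# is not already a mask ([hidden], [redacted] or a run of asterisks).
LEAK_RE = re.compile(
    r"\b([\w.]*(?:password|passwd|secret|token)[\w.]*)\s*=\s*"
    r"(?!\[hidden\]|\[redacted\]|\*+)(\S+)",
    re.I,
)


def find_leaked_values(log_lines):
    """Scan log lines for unmasked sensitive values. Returns (line number, key)
    pairs only, so the finding itself does not repeat the secret."""
    hits = []
    for n, line in enumerate(log_lines, 1):
        m = LEAK_RE.search(line)
        if m:
            hits.append((n, m.group(1)))
    return hits


# Constructed log excerpt: line 1 is the leaking message from the report,
# line 2 is what a masked version looks like, line 3 is a harmless setting.
SAMPLE_LOG = [
    "17:53:33,722 WARN [o.a.k.c.c.ConsumerConfig] - The configuration "
    "ssl.truststore.password = foobar was supplied but isn't a known config.",
    "17:53:33,730 INFO [o.a.k.c.c.ConsumerConfig] - ConsumerConfig values: "
    "ssl.truststore.password = [hidden]",
    "17:53:34,001 INFO [o.a.k.c.c.ConsumerConfig] - ConsumerConfig values: "
    "bootstrap.servers = localhost:9092",
]

if __name__ == "__main__":
    for msg in unknown_config_warnings(SUPPLIED, KNOWN_CONFIGS):
        print("WARN", msg)
    for line_no, key in find_leaked_values(SAMPLE_LOG):
        print(f"leaked value for {key} on log line {line_no}")
```

The warning keeps its diagnostic value because the unknown key name is still reported; only the value is withheld. `find_leaked_values` is the check to run over logs that were written before such masking was in place, and it deliberately returns the key and line number rather than the matched value so the audit output does not become a second copy of the secret.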