[
https://issues.apache.org/jira/browse/WHIRR-642?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13459557#comment-13459557
]
Steve Loughran commented on WHIRR-642:
--------------------------------------
if you search for {{fs.s3.awsSecretAccessKey}} you do find places where it has
been unintentionally published, showing that this a real security issue
> Whirr writes the AWS Secret key to the stdout. is it an unforeseen byproduct
> or intended behavior?
> --------------------------------------------------------------------------------------------------
>
> Key: WHIRR-642
> URL: https://issues.apache.org/jira/browse/WHIRR-642
> Project: Whirr
> Issue Type: Bug
> Components: cli
> Affects Versions: 0.7.1
> Environment: OSX Mountain Lion
> Reporter: P Mohan
>
> I used Whirr to launch a CDH cluster. Towards the end the whirr output has
> the AWS secret key in plain text as shown below.
> fs.s3.awsSecretAccessKey=qBqa*********************************, fs.s3.a
> wsAccessKeyId=AKIA*****************,
> hadoop.rpc.socket.factory.class.default=org.apache.hadoop.net.SocksSocketFactory,
> fs.default.name=hdfs://ec2-**********.compute-1.amazonaws.c
> om:8020/, fs.s3n.awsSecretAccessKey=qBqaott5*************************}}
> is this intended behavior. Would it be not better to mask or not print the
> AWS Secret key to the stdout.
> One gd thing i noticed is that the AWS Secret Key is not written to the
> whirr.log file. Can we not have the same behavior for the stdout as well ?
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
