[
https://issues.apache.org/jira/browse/FLINK-10363?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16623330#comment-16623330
]
Steve Loughran commented on FLINK-10363:
----------------------------------------
see WHIRR-642 for this same issue; it's easy to do. For that one I had to
google for every whirr log entry & notify at least two people they'd
accidentally shared their secrets. Luckily that was the era before bitcoin
miners scanned the internet for AWS keys
> S3 FileSystem factory prints secrets into logs
> ----------------------------------------------
>
> Key: FLINK-10363
> URL: https://issues.apache.org/jira/browse/FLINK-10363
> Project: Flink
> Issue Type: Bug
> Components: FileSystem
> Reporter: Stephan Ewen
> Assignee: Stephan Ewen
> Priority: Critical
> Fix For: 1.7.0, 1.6.2
>
>
> The file system factory logs all values it applies from the flink
> configuration.
> That frequently includes access keys, which should not leak into logs.
> The loader should only log the keys, not the values.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
