[ https://issues.apache.org/jira/browse/FLINK-30306?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17643485#comment-17643485 ]

Alexis Sarda-Espinosa commented on FLINK-30306:
-----------------------------------------------

In my case, there are some passwords that we encrypt and are then injected by Argo CD, and I can see them in the {{AuditUtils}} logs. Moreover, we forward logs from containers to other infrastructure to facilitate searching, so even though that remains internal, it increases the "exposed area"; if someone could access the searchable logs, that doesn't mean they have access to the Kubernetes cluster.

> Audit utils can expose potentially sensitive information
> --------------------------------------------------------
>
>                 Key: FLINK-30306
>                 URL: https://issues.apache.org/jira/browse/FLINK-30306
>             Project: Flink
>          Issue Type: Bug
>          Components: Kubernetes Operator
>   Affects Versions: kubernetes-operator-1.2.0
>            Reporter: Alexis Sarda-Espinosa
>            Priority: Major
>
> I see events being logged by
> {{org.apache.flink.kubernetes.operator.listener.AuditUtils}} along the lines
> of ">>> Event | Info | SPECCHANGED | UPGRADE change(s) detected".
> This logs the entire new spec, which can contain sensitive information that
> has been injected from a Kubernetes secret.

--
This message was sent by Atlassian Jira
(v8.20.10#820010)