dataengineervishal opened a new pull request, #27784: URL: https://github.com/apache/flink/pull/27784
This PR depends on https://issues.apache.org/jira/browse/FLINK-38815

## What is the purpose of the change

This pull request fixes a security issue where sensitive values in the Pekko RPC configuration were logged in plain text. The Pekko configuration is based on Typesafe Config and was directly logged, bypassing Flink's existing masking logic. This change ensures that sensitive values (such as passwords and secrets) are masked before being logged.

## Brief change log

- Converted Pekko Config into a flat Map<String, String> using entrySet()
- Reused ConfigurationUtils.hideSensitiveValues() to mask sensitive values
- Updated debug logging to print masked configuration instead of raw config

## Verifying this change

This change is already covered by existing tests. Additionally, the fix was manually verified by enabling debug logging and confirming that sensitive fields such as key-password and trust-store-password are masked (replaced with ******) in the logs.

## Does this pull request potentially affect one of the following parts:

- Dependencies (does it add or upgrade a dependency): no
- The public API, i.e., is any changed class annotated with `@Public(Evolving)`: no
- The serializers: no
- The runtime per-record code paths (performance sensitive): no
- Anything that affects deployment or recovery: JobManager (and its components), Checkpointing, Kubernetes/Yarn, ZooKeeper: no
- The S3 file system connector: no

## Documentation

- Does this pull request introduce a new feature? no

--
This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
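The flatten-then-mask approach described in the pull request above, as an added example that is not code from the pull request or from Flink. It uses only the JDK: a nested `Map` stands in for the Typesafe Config tree, and the class name, method names and the `SENSITIVE_MARKERS` list are assumptions made for illustration.

```java
import java.util.List;
import java.util.Locale;
import java.util.Map;
import java.util.TreeMap;

public class MaskedConfigLogging {
    // Assumed marker list for this example; Flink keeps its own list in its masking code.
    private static final List<String> SENSITIVE_MARKERS = List.of("password", "secret");
    private static final String MASK = "******";

    /** Flattens a nested config tree into dotted-path keys, e.g. a.b.key-password. */
    static void flatten(String prefix, Map<String, Object> node, Map<String, String> out) {
        for (Map.Entry<String, Object> e : node.entrySet()) {
            String path = prefix.isEmpty() ? e.getKey() : prefix + "." + e.getKey();
            if (e.getValue() instanceof Map) {
                @SuppressWarnings("unchecked")
                Map<String, Object> child = (Map<String, Object>) e.getValue();
                flatten(path, child, out);
            } else {
                out.put(path, String.valueOf(e.getValue()));
            }
        }
    }

    /** Returns a copy that is safe to log: values under sensitive-looking keys are replaced. */
    static Map<String, String> mask(Map<String, String> flat) {
        Map<String, String> safe = new TreeMap<>();
        flat.forEach((k, v) -> {
            String key = k.toLowerCase(Locale.ROOT);
            boolean sensitive = SENSITIVE_MARKERS.stream().anyMatch(key::contains);
            safe.put(k, sensitive ? MASK : v);
        });
        return safe;
    }

    public static void main(String[] args) {
        // Constructed sample shaped like a nested RPC/SSL config; the values are not real.
        Map<String, Object> security = Map.of(
                "key-password", "constructed-key-pw",
                "trust-store-password", "constructed-ts-pw",
                "protocol", "TLSv1.2");
        Map<String, Object> root = Map.of(
                "remote", Map.of("ssl", Map.of("security", security)),
                "loglevel", "DEBUG");

        Map<String, String> flat = new TreeMap<>();
        flatten("", root, flat);
        // Only the masked copy is handed to the logger; the raw tree is never printed.
        mask(flat).forEach((k, v) -> System.out.println(k + " = " + v));
    }
}
```

Masking by key name does not catch a secret embedded in the value of a neutrally named key (for example a connection string), so such values still need review before a config dump is enabled at debug level.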
