Github user vanzin commented on the issue:
https://github.com/apache/spark/pull/23174
> if the secret would be listed under the environment variables in the
Spark UI
Secrets are redacted in the UI and event logs. We already use env variables
in other contexts (e.g. standalone with auth enabled).
Environment variables don't leak unless you leak them. If you do, it's a
security problem in your code, since the env is generally considered "sensitive
information". They're not written to disk, unlike files, which some people have
problems with (really paranoid orgs don't want sensitive information in
unencrypted files on disk).
This could be stashed in a k8s secret, but then how does the client mode
driver get it? More user configuration? That's exactly what this is trying to
avoid.
---
---------------------------------------------------------------------
To unsubscribe, e-mail: reviews-unsubscr...@spark.apache.org
For additional commands, e-mail: reviews-h...@spark.apache.org
