Florian Szabo created FLINK-20055:
-------------------------------------
Summary: Datadog API Key exposed in Flink JobManager logs
Key: FLINK-20055
URL: https://issues.apache.org/jira/browse/FLINK-20055
Project: Flink
Issue Type: Improvement
Components: Runtime / Configuration
Affects Versions: 1.11.2, 1.9.1
Reporter: Florian Szabo
When Flink is set up to report metrics to Datadog, the JobManager log containe
the Datadog API key in plain format. In fact it shows up in two different
places:
{code:java}
2020-08-03 09:03:19,400 INFO
org.apache.flink.configuration.GlobalConfiguration - Loading
configuration property: metrics.reporter.dghttp.apikey, <REDACTED-KEY>
...
2020-08-03 09:03:20,437 INFO org.apache.flink.runtime.metrics.ReporterSetup
- Configuring dghttp with {apikey=<REDACTED-KEY>,
tags=<...>,profile:<...>,region:<...>,env:<...>,
class=org.apache.flink.metrics.datadog.DatadogHttpReporter}.
{code}
The expected behavior here should be that the API key in both places is hidden
so that it does not end up in places where it should not be.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
