[jira] [Created] (KAFKA-9601) Workers log raw connector configs, including values

Chris Egerton (Jira) Mon, 24 Feb 2020 22:19:59 -0800

Chris Egerton created KAFKA-9601:
------------------------------------

             Summary: Workers log raw connector configs, including values
                 Key: KAFKA-9601
                 URL: https://issues.apache.org/jira/browse/KAFKA-9601
             Project: Kafka
          Issue Type: Bug
          Components: KafkaConnect
            Reporter: Chris Egerton
            Assignee: Chris Egerton



[This line right 
here|https://github.com/apache/kafka/blob/5359b2e3bc1cf13a301f32490a6630802afc4974/connect/runtime/src/main/java/org/apache/kafka/connect/runtime/WorkerConnector.java#L78]
 logs all configs (key and value) for a connector, which is bad, since it can 
lead to secrets (db credentials, cloud storage credentials, etc.) being logged 
in plaintext.

We can remove this line. Or change it to just log config keys. Or try to do 
some super-fancy parsing that masks sensitive values. Well, hopefully not that. 
That sounds like a lot of work.

Affects all versions of Connect back through 0.10.1.

 



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

[jira] [Created] (KAFKA-9601) Workers log raw connector configs, including values

Reply via email to