Chris Egerton created KAFKA-9601: ------------------------------------ Summary: Workers log raw connector configs, including values Key: KAFKA-9601 URL: https://issues.apache.org/jira/browse/KAFKA-9601 Project: Kafka Issue Type: Bug Components: KafkaConnect Reporter: Chris Egerton Assignee: Chris Egerton
[This line right here|https://github.com/apache/kafka/blob/5359b2e3bc1cf13a301f32490a6630802afc4974/connect/runtime/src/main/java/org/apache/kafka/connect/runtime/WorkerConnector.java#L78] logs all configs (key and value) for a connector, which is bad, since it can lead to secrets (db credentials, cloud storage credentials, etc.) being logged in plaintext. We can remove this line. Or change it to just log config keys. Or try to do some super-fancy parsing that masks sensitive values. Well, hopefully not that. That sounds like a lot of work. Affects all versions of Connect back through 0.10.1. -- This message was sent by Atlassian Jira (v8.3.4#803005)