Hi Greg,

I am not concerned with the flink-conf.yaml file; we have taken care of the
passwords there by replacing them with placeholders. We are picking the
passwords from our vault.

The main issue is that Flink is printing these passwords in plain text in
the log file. It should be a simple check to not print the SSL passwords.

Regards,
Vinay Patil

On Wed, Mar 28, 2018 at 3:53 PM, Greg Hogan <c...@greghogan.com> wrote:

> With the current method you always have the risk, no matter which keywords
> you filter on ("secret", "password", etc.), that the key name is mistyped
> and inadvertently logged.
>
> Perhaps we could implement something like TravisCI's encryption keys [
> https://docs.travis-ci.com/user/encryption-keys/] at a cost of added
> complexity.
>
> On Wed, Mar 28, 2018 at 4:38 PM, Vinay Patil <vinay18.pa...@gmail.com>
> wrote:
>
>> Hi,
>>
>> I see plain text SSL passwords in the log file (printed by
>> GlobalConfiguration), because of which we cannot deploy our pipeline to NR
>> environment.
>>
>> I am able to avoid this by having ERROR log level for this class but the
>> security team still thinks it is a risk.
>>
>> Is this taken care of in the new release? (I am using Flink 1.3.2)
>>
>> Regards,
>> Vinay Patil
>>
>
>
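
Added example, not part of the thread and not Flink's own code: a keyword filter of the kind discussed above, applied when configuration is logged, together with the mistyped-key failure mode Greg describes. The class name, log line format, sample values and the fail-closed allow-list variant are assumptions made for illustration; the allow-list goes beyond what the thread proposes.

```java
import java.util.Arrays;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Locale;
import java.util.Map;

// Illustration only; class and method names are hypothetical.
public class MaskedConfigLogging {

    // Keywords named in the thread ("secret", "password").
    private static final List<String> SENSITIVE_KEYWORDS = Arrays.asList("password", "secret");
    // Assumed allow-list: keys whose values are known to be safe to print.
    private static final List<String> SAFE_KEYS =
            Arrays.asList("security.ssl.enabled", "security.ssl.keystore");
    private static final String HIDDEN = "******";

    /** Fail-open check: true only when the key name contains a sensitive keyword. */
    static boolean isSensitive(String key) {
        String lower = key.toLowerCase(Locale.ROOT);
        return SENSITIVE_KEYWORDS.stream().anyMatch(lower::contains);
    }

    /** Keyword filter: masks the value only if the key name matches. */
    static String renderByKeyword(String key, String value) {
        return "config: " + key + " = " + (isSensitive(key) ? HIDDEN : value);
    }

    /** Fail-closed variant: prints a value only for keys on the allow-list. */
    static String renderByAllowList(String key, String value) {
        return "config: " + key + " = " + (SAFE_KEYS.contains(key) ? value : HIDDEN);
    }

    public static void main(String[] args) {
        // Constructed sample configuration; all values are placeholders.
        Map<String, String> conf = new LinkedHashMap<>();
        conf.put("security.ssl.enabled", "true");
        conf.put("security.ssl.keystore", "/path/to/keystore.jks");
        conf.put("security.ssl.keystore-password", "example-keystore-pw");
        // Mistyped key name ("pasword"): no keyword matches it.
        conf.put("security.ssl.truststore-pasword", "example-truststore-pw");

        System.out.println("-- keyword filter (the mistyped key's value is printed) --");
        conf.forEach((k, v) -> System.out.println(renderByKeyword(k, v)));

        System.out.println("-- allow-list (unknown keys are masked) --");
        conf.forEach((k, v) -> System.out.println(renderByAllowList(k, v)));
    }
}
```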
