We do direct protobuf to JSON conversion for our API endpoints and I don't think we do any special case logic for `Secret` type in that conversion. So `value` based secrets will have their value show up in v1 (and likely v0) API endpoints.
On Mon, Apr 23, 2018 at 9:25 AM, Zhitao Li <zhitaoli...@gmail.com> wrote: > Hi Alexander, > > We discovered that in our own testing thus do not plan to use the > environment variable. For the `volume/secret` case, I believe it's possible > to be careful enough so we do not log that, so it's more about whether we > want to promise that. > > What do you think? > > On Mon, Apr 23, 2018 at 5:13 AM, Alexander Rojas <alexan...@mesosphere.io> > wrote: > >> >> Hey Zhitao, >> >> I sadly have to tell you that the first assumption is not correct. If you >> use environment based secrets, docker and verbose mode, they will get >> printed (see this patch https://reviews.apache.org/r/57846/). The reason >> is that the docker command will get logged and it might contain your >> secrets. You may end up with some logging line like: >> >> ``` >> I0129 14:09:22.444318 docker.cpp:1139] Running docker -H >> unix:///var/run/docker.suck run --cpu-shares 25 --memory 278435456 -e >> ADMIN_PASSWORD=test_password … >> ``` >> >> >> On 19. Apr 2018, at 19:57, Zhitao Li <zhitaoli...@gmail.com> wrote: >> >> Hello, >> >> We at Uber plan to use volume/secret isolator to send secrets from Uber >> framework to Mesos agent. >> >> For this purpose, we are referring to these documents: >> >> - File based secrets design doc >> >> <https://docs.google.com/document/d/18raiiUfxTh-JBvjd6RyHe_TOScY87G_bMi5zBzMZmpc/edit#> >> and slides >> >> <http://schd.ws/hosted_files/mesosconasia2017/70/Secrets%20Management%20in%20Mesos.pdf> >> . >> - Apache Mesos secrets documentation >> <http://mesos.apache.org/documentation/latest/secrets/> >> >> Could you please confirm that the following assumptions are correct? >> >> - Mesos agent and master will never log the secret data at any >> logging level; >> - Mesos agent and master will never expose the secret data as part of >> any API response; >> - Mesos agent and master will never store the secret in any >> persistent storage, but only on tmpfs or ramfs; >> - When the secret is first downloaded on the mesos agent, it will be >> stored as "root" on the tmpfs/ramfs before being mounted in the container >> ramfs. >> >> If above assumptions are true, then I would like to see them documented >> in this as part of the Apache Mesos secrets documentation >> <http://mesos.apache.org/documentation/latest/secrets/>. Otherwise, we'd >> like to have a design discussion with maintainer of the isolator. >> >> We appreciate your help regarding this. Thanks! >> >> Regards, >> Aditya And Zhitao >> >> >> > > > -- > Cheers, > > Zhitao Li >
