-
Notifications
You must be signed in to change notification settings - Fork 99
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Prevent Kafka Connect from leaking passwords and sensitive data #1050
Comments
orpiske
changed the title
Prevent Kafka Connect from leaking passwords
Prevent Kafka Connect from leaking passwords and sensitive data
Feb 23, 2021
orpiske
added a commit
to orpiske/camel-kafka-connector
that referenced
this issue
Feb 23, 2021
…in Kafka Connect logs (issue apache#1050)
orpiske
added a commit
to orpiske/camel-kafka-connector
that referenced
this issue
Feb 23, 2021
orpiske
added a commit
that referenced
this issue
Feb 23, 2021
orpiske
added a commit
to orpiske/camel-kafka-connector
that referenced
this issue
Feb 23, 2021
…in Kafka Connect logs (issue apache#1050)
orpiske
added a commit
to orpiske/camel-kafka-connector
that referenced
this issue
Feb 23, 2021
orpiske
added a commit
to jboss-fuse/camel-kafka-connector
that referenced
this issue
Feb 23, 2021
…in Kafka Connect logs (issue apache#1050)
orpiske
added a commit
to jboss-fuse/camel-kafka-connector
that referenced
this issue
Feb 23, 2021
orpiske
added a commit
that referenced
this issue
Feb 23, 2021
Fixed. |
orpiske
added a commit
to orpiske/camel-kafka-connector
that referenced
this issue
Mar 2, 2021
…in Kafka Connect logs (issue apache#1050)
orpiske
added a commit
to orpiske/camel-kafka-connector
that referenced
this issue
Mar 2, 2021
orpiske
added a commit
to orpiske/camel-kafka-connector
that referenced
this issue
Mar 2, 2021
…in Kafka Connect logs (issue apache#1050)
orpiske
added a commit
to orpiske/camel-kafka-connector
that referenced
this issue
Mar 2, 2021
orpiske
added a commit
that referenced
this issue
Mar 2, 2021
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
We need to mark password and other sensitive fields with
ConfigDef.Type.PASSWORD
instead ofConfigDef.Type.STRING
as we currently do (for example, here).By annotating the fields as String, sensitive information is displayed on the logs:
These values are likely leaking in other ways as well (to-be-confirmed: REST interface?)
After marking the field as password, this is what appears in the logs
Although we have redacted them from our own logs, they still appear in logs printed by Kafka Connect itself (as reported on the - now - relevant related issue #320).
Since that issue has been closed for a while and since other sources of leakages have been fixed on #159, I opened this one with a specific goal in mind: prevent leakages on logs printed by Kafka Connect itself.
The text was updated successfully, but these errors were encountered: