Prevent Kafka Connect from leaking passwords and sensitive data #1050

Closed
orpiske opened this issue Feb 23, 2021 · 1 comment
Labels: 0.7.3, 0.9.0, bug

orpiske commented Feb 23, 2021

We need to mark password and other sensitive fields with ConfigDef.Type.PASSWORD instead of ConfigDef.Type.STRING as we currently do (for example, here).

By annotating the fields as String, sensitive information is displayed in the logs:

camel.component.aws2-s3.accessKey = accesskey
...
camel.component.aws2-s3.secretKey

These values are likely leaking in other ways as well (to-be-confirmed: REST interface?)

After marking the field as password, this is what appears in the logs:

camel.component.aws2-s3.secretKey = [hidden]

Although we have redacted them from our own logs, they still appear in logs printed by Kafka Connect itself (as reported on the - now - relevant related issue #320).

Since that issue has been closed for a while and since other sources of leakages have been fixed on #159, I opened this one with a specific goal in mind: prevent leakages on logs printed by Kafka Connect itself.
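
The difference described in the issue above, as an added example that is not part of the original issue or the project's code. It assumes `kafka-clients` is on the classpath; the class name and the sample secret are constructed for illustration.

```java
import java.util.Map;
import org.apache.kafka.common.config.AbstractConfig;
import org.apache.kafka.common.config.ConfigDef;
import org.apache.kafka.common.config.ConfigDef.Importance;
import org.apache.kafka.common.config.ConfigDef.Type;

// Hypothetical demo class, not taken from camel-kafka-connector.
public class SecretKeyRedactionDemo {
    static final String SECRET_KEY = "camel.component.aws2-s3.secretKey";

    // "Before": the secret is declared as a plain string.
    static ConfigDef asString() {
        return new ConfigDef()
            .define(SECRET_KEY, Type.STRING, null, Importance.HIGH, "AWS secret key");
    }

    // "After": the same option declared as a password.
    static ConfigDef asPassword() {
        return new ConfigDef()
            .define(SECRET_KEY, Type.PASSWORD, null, Importance.HIGH, "AWS secret key");
    }

    // Renders the parsed value the way a "name = value" config dump would.
    static String dump(ConfigDef def, Map<String, String> props) {
        // doLog=false: build the line ourselves instead of needing an SLF4J binding.
        AbstractConfig cfg = new AbstractConfig(def, props, false);
        return SECRET_KEY + " = " + cfg.values().get(SECRET_KEY);
    }

    public static void main(String[] args) {
        // Constructed sample value, not a real credential.
        Map<String, String> props = Map.of(SECRET_KEY, "constructed-secret-value");

        // STRING: the parsed value is a java.lang.String, so it is rendered verbatim.
        System.out.println("STRING   -> " + dump(asString(), props));
        // PASSWORD: the parsed value is a Password object whose toString() is "[hidden]".
        System.out.println("PASSWORD -> " + dump(asPassword(), props));

        AbstractConfig cfg = new AbstractConfig(asPassword(), props, false);
        // Code that needs the real secret must ask for it explicitly.
        String secret = cfg.getPassword(SECRET_KEY).value();
        System.out.println("explicit value() length: " + secret.length());

        // Caveat: originals() returns the raw input map, which is never redacted,
        // so any code that logs it bypasses the PASSWORD type entirely.
        boolean rawStillPresent = "constructed-secret-value".equals(cfg.originals().get(SECRET_KEY));
        System.out.println("raw value still in originals(): " + rawStillPresent);
    }
}
```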

orpiske self-assigned this Feb 23, 2021
orpiske added the bug label Feb 23, 2021
orpiske changed the title from "Prevent Kafka Connect from leaking passwords" to "Prevent Kafka Connect from leaking passwords and sensitive data" Feb 23, 2021
orpiske added a commit to orpiske/camel-kafka-connector that referenced this issue Feb 23, 2021
orpiske added a commit that referenced this issue Feb 23, 2021
orpiske added a commit to jboss-fuse/camel-kafka-connector that referenced this issue Feb 23, 2021

orpiske commented Feb 24, 2021

Fixed.

orpiske closed this as completed Feb 24, 2021
oscerd added this to the 0.9.0 milestone Feb 24, 2021
orpiske added a commit to orpiske/camel-kafka-connector that referenced this issue Mar 2, 2021
orpiske added a commit that referenced this issue Mar 2, 2021