[GitHub] [camel-kafka-connector] orpiske opened a new issue #1050: Prevent Kafka Connect from leaking passwords


GitBox

orpiske opened a new issue #1050:
URL: https://github.com/apache/camel-kafka-connector/issues/1050


   We need to mark password and other sensitive fields with `ConfigDef.Type.PASSWORD` instead of `ConfigDef.Type.STRING` as we currently do (for example, [here](https://github.com/apache/camel-kafka-connector/blob/master/connectors/camel-aws2-sqs-kafka-connector/src/main/java/org/apache/camel/kafkaconnector/aws2sqs/CamelAws2sqsSourceConnectorConfig.java#L362)).
   
   By annotating the fields as String, sensitive information is displayed in the logs:
   
   ```
   camel.component.aws2-s3.accessKey = accesskey
   ...
   camel.component.aws2-s3.secretKey
   ```
   
   These values are likely leaking in other ways as well (to-be-confirmed: REST interface?)
   
   After marking the field as password, this is what appears in the logs:
   ```
   camel.component.aws2-s3.secretKey = [hidden]
   ```
   
   Although we have redacted them from our own logs, they still appear in logs printed by Kafka Connect itself (as reported in the now-relevant related issue #320).
   
   Since that issue has been closed for a while and since other sources of leakage have been fixed in #159, I opened this one with a specific goal in mind: prevent leakage in logs printed by Kafka Connect itself.


----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
[hidden email]
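
The difference between the two types described in the issue above, as an added example that is not part of the original message or the project's code. It assumes `kafka-clients` on the classpath; the class name, the `HINTS` list and the sample values are hypothetical. It parses the same properties under both types and audits a `ConfigDef` for sensitive-looking keys that are not `PASSWORD`:

```java
import java.util.List;
import java.util.Locale;
import java.util.Map;
import java.util.stream.Collectors;
import org.apache.kafka.common.config.ConfigDef;
import org.apache.kafka.common.config.ConfigDef.Importance;
import org.apache.kafka.common.config.ConfigDef.Type;

public class SensitiveConfigAudit {
    // Assumption: name fragments treated as sensitive; extend per connector.
    static final List<String> HINTS = List.of("password", "secret", "token", "passphrase");

    // Returns keys whose name looks sensitive but whose type is not PASSWORD.
    static List<String> unmasked(ConfigDef def) {
        return def.configKeys().values().stream()
            .filter(k -> k.type != Type.PASSWORD)
            .filter(k -> HINTS.stream()
                .anyMatch(h -> k.name.toLowerCase(Locale.ROOT).contains(h)))
            .map(k -> k.name)
            .sorted()
            .collect(Collectors.toList());
    }

    // Builds the two option definitions named in the issue, with the
    // secret key declared as the given type.
    static ConfigDef define(Type secretType) {
        return new ConfigDef()
            .define("camel.component.aws2-s3.accessKey", Type.STRING, null,
                    Importance.MEDIUM, "Access key")
            .define("camel.component.aws2-s3.secretKey", secretType, null,
                    Importance.MEDIUM, "Secret key");
    }

    public static void main(String[] args) {
        // Constructed sample values, not real credentials.
        Map<String, String> props = Map.of(
            "camel.component.aws2-s3.accessKey", "accesskey",
            "camel.component.aws2-s3.secretKey", "constructed-secret");
        for (Type t : new Type[] {Type.STRING, Type.PASSWORD}) {
            ConfigDef def = define(t);
            // PASSWORD values parse to a Password object whose toString()
            // is masked; STRING values stay plain strings.
            Object parsed = def.parse(props).get("camel.component.aws2-s3.secretKey");
            System.out.println(t + ": rendered as " + parsed
                + ", audit flags " + unmasked(def));
        }
    }
}
```

A check like `unmasked` can run as a unit test over every generated connector config so that a new sensitive option declared as `STRING` fails the build.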



[GitHub] [camel-kafka-connector] orpiske closed issue #1050: Prevent Kafka Connect from leaking passwords and sensitive data

GitBox

orpiske closed issue #1050:
URL: https://github.com/apache/camel-kafka-connector/issues/1050


   



[GitHub] [camel-kafka-connector] orpiske commented on issue #1050: Prevent Kafka Connect from leaking passwords and sensitive data

GitBox
In reply to this post by GitBox

orpiske commented on issue #1050:
URL: https://github.com/apache/camel-kafka-connector/issues/1050#issuecomment-784955990


   Fixed.

