Uploaded image for project: 'Samza'
  1. Samza
  2. SAMZA-589

Need a way to flag sensitive information in Config

Attach filesAttach ScreenshotVotersWatch issueWatchersCreate sub-taskLinkCloneUpdate Comment AuthorReplace String in CommentUpdate Comment VisibilityDelete Comments
    XMLWordPrintableJSON

    Details

    • Type: Bug
    • Status: Resolved
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 0.8.0
    • Fix Version/s: 0.9.0
    • Component/s: container
    • Labels:
      None

      Description

      Currently, the full contents of a job's Config is exposed in at least a couple of places including the logs (logged by SamzaContainer), and the ApplicationMaster UI's config page. There is a security concern with doing that if sensitive information (e.g. credentials) is stored there. It would be nice to be able to mark sensitive config values so that they are not displayed in such ways. The only thing that springs to mind is a special naming convention, perhaps a "sensitive" prefix that would identify these values. Ideally such a capability would be baked into Config itself, but minimally Samza code that exposes Config could be made aware of the convention to avoid displaying the plaintext of sensitive values.

        Attachments

        Issue Links

          Activity

            People

            • Assignee:
              twbecker Tommy Becker
              Reporter:
              twbecker Tommy Becker

              Dates

              • Created:
                Updated:
                Resolved:

                Issue deployment