Uploaded image for project: 'Apache Whirr (retired)'
  1. Apache Whirr (retired)
  2. WHIRR-642

Whirr writes the AWS Secret key to the stdout. is it an unforeseen byproduct or intended behavior?

    Details

    • Type: Bug
    • Status: Resolved
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 0.7.1, 0.9.0
    • Fix Version/s: 0.8.1
    • Component/s: cli
    • Labels:
      None
    • Environment:

      OSX Mountain Lion

      Description

      I used Whirr to launch a CDH cluster. Towards the end the whirr output has the AWS secret key in plain text as shown below.

      fs.s3.awsSecretAccessKey=qBqa*********************************, fs.s3.a
      wsAccessKeyId=AKIA****************, hadoop.rpc.socket.factory.class.default=org.apache.hadoop.net.SocksSocketFactory, fs.default.name=hdfs://ec2-*********.compute-1.amazonaws.c
      om:8020/, fs.s3n.awsSecretAccessKey=qBqaott5*************************}}

      is this intended behavior. Would it be not better to mask or not print the AWS Secret key to the stdout.

      One gd thing i noticed is that the AWS Secret Key is not written to the whirr.log file. Can we not have the same behavior for the stdout as well ?

        Attachments

        1. whirr-642.diff
          0.8 kB
          Steve Loughran

          Activity

            People

            • Assignee:
              stevel@apache.org Steve Loughran
              Reporter:
              pmohan P Mohan
            • Votes:
              0 Vote for this issue
              Watchers:
              5 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: