Apache Whirr (retired)
  1. Apache Whirr (retired)
  2. WHIRR-642

Whirr writes the AWS Secret key to the stdout. is it an unforeseen byproduct or intended behavior?

    Details

    • Type: Bug Bug
    • Status: Resolved
    • Priority: Major Major
    • Resolution: Fixed
    • Affects Version/s: 0.7.1, 0.9.0
    • Fix Version/s: 0.8.1
    • Component/s: cli
    • Labels:
      None
    • Environment:

      OSX Mountain Lion

      Description

      I used Whirr to launch a CDH cluster. Towards the end the whirr output has the AWS secret key in plain text as shown below.

      fs.s3.awsSecretAccessKey=qBqa*********************************, fs.s3.a
      wsAccessKeyId=AKIA****************, hadoop.rpc.socket.factory.class.default=org.apache.hadoop.net.SocksSocketFactory, fs.default.name=hdfs://ec2-*********.compute-1.amazonaws.c
      om:8020/, fs.s3n.awsSecretAccessKey=qBqaott5*************************}}

      is this intended behavior. Would it be not better to mask or not print the AWS Secret key to the stdout.

      One gd thing i noticed is that the AWS Secret Key is not written to the whirr.log file. Can we not have the same behavior for the stdout as well ?

      1. whirr-642.diff
        0.8 kB
        Steve Loughran

        Activity

        P Mohan created issue -
        P Mohan made changes -
        Field Original Value New Value
        Description I used Whirr to launch a CDH cluster. Towards the end the whirr output has the AWS secret key in plain text as shown below.

        fs.s3.awsSecretAccessKey=qBqa*********************************, fs.s3.a
        wsAccessKeyId=AKIA*****************, hadoop.rpc.socket.factory.class.default=org.apache.hadoop.net.SocksSocketFactory, fs.default.name=hdfs://ec2-**********.compute-1.amazonaws.c
        om:8020/, fs.s3n.awsSecretAccessKey=qBqaott5*************************}}

        is this intended behavior. Would it be not better to mask or not print the AWS Secret key to the stdin.

        One gd thing i noticed is that the AWS Secret Key is not written to the whirr.log file. Can we not have the same behavior for the stdout as well ?
        I used Whirr to launch a CDH cluster. Towards the end the whirr output has the AWS secret key in plain text as shown below.

        fs.s3.awsSecretAccessKey=qBqa*********************************, fs.s3.a
        wsAccessKeyId=AKIA*****************, hadoop.rpc.socket.factory.class.default=org.apache.hadoop.net.SocksSocketFactory, fs.default.name=hdfs://ec2-**********.compute-1.amazonaws.c
        om:8020/, fs.s3n.awsSecretAccessKey=qBqaott5*************************}}

        is this intended behavior. Would it be not better to mask or not print the AWS Secret key to the stdout.

        One gd thing i noticed is that the AWS Secret Key is not written to the whirr.log file. Can we not have the same behavior for the stdout as well ?
        Steve Loughran made changes -
        Priority Minor [ 4 ] Major [ 3 ]
        Steve Loughran made changes -
        Attachment whirr-642.diff [ 12545902 ]
        Steve Loughran made changes -
        Status Open [ 1 ] Patch Available [ 10002 ]
        Affects Version/s 0.9.0 [ 12319840 ]
        Tom White made changes -
        Status Patch Available [ 10002 ] Resolved [ 5 ]
        Assignee Steve Loughran [ stevel@apache.org ]
        Fix Version/s 0.8.1 [ 12322955 ]
        Resolution Fixed [ 1 ]

          People

          • Assignee:
            Steve Loughran
            Reporter:
            P Mohan
          • Votes:
            0 Vote for this issue
            Watchers:
            4 Start watching this issue

            Dates

            • Created:
              Updated:
              Resolved:

              Development