Uploaded image for project: 'Apache Whirr (retired)'
  1. Apache Whirr (retired)
  2. WHIRR-642

Whirr writes the AWS Secret key to the stdout. is it an unforeseen byproduct or intended behavior?

Details

    • Bug
    • Status: Resolved
    • Major
    • Resolution: Fixed
    • 0.7.1, 0.9.0
    • 0.8.1
    • cli
    • None
    • OSX Mountain Lion

    Description

      I used Whirr to launch a CDH cluster. Towards the end the whirr output has the AWS secret key in plain text as shown below.

      fs.s3.awsSecretAccessKey=qBqa*********************************, fs.s3.a
      wsAccessKeyId=AKIA****************, hadoop.rpc.socket.factory.class.default=org.apache.hadoop.net.SocksSocketFactory, fs.default.name=hdfs://ec2-*********.compute-1.amazonaws.c
      om:8020/, fs.s3n.awsSecretAccessKey=qBqaott5*************************}}

      is this intended behavior. Would it be not better to mask or not print the AWS Secret key to the stdout.

      One gd thing i noticed is that the AWS Secret Key is not written to the whirr.log file. Can we not have the same behavior for the stdout as well ?

      Attachments

        1. whirr-642.diff
          0.8 kB
          Steve Loughran

        Activity

          People

            stevel@apache.org Steve Loughran
            pmohan P Mohan
            Votes:
            0 Vote for this issue
            Watchers:
            5 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved:

              Slack

                Issue deployment