Hi all,

since Flink 1.17 [1] the Flink Web UI prints *all* environment variables of the Taskmanager or Jobmanagers hosts (Jobmanager -> Configuration -> Environment). Given that environment variables are often used to store sensitive information, I think it is wrong and dangerous to print those in the Flink Web UI. Specifically, thinking about how Kubernetes Secrets are usually injected into Pods.

One could argue that anyone who can submit a Flink Job to a cluster has access to these environment variables anyway, but not everyone who has access to the Flink UI can submit a Flink Job.

I see the following options:

a) leave as is
b) apply same obfuscation as in flink-conf.yaml based on some heuristic (no "secret", "password" in env var name)
c) only print allow-listed values
d) don't print any env vars in the web UI (at least by default)

What do you think?

Cheers,

Konstantin

[1] https://issues.apache.org/jira/browse/FLINK-28311

--
https://twitter.com/snntrable
https://github.com/knaufk
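
Added example, not part of the original mail and not Flink code: a comparison of options b), c) and d) over a constructed environment, showing which variables still expose a secret value under each. The keyword list uses only the two words named in the mail; the allow-list, variable names and values are assumptions made up for illustration.

```python
# Constructed sample environment; every value is a made-up placeholder.
SAMPLE_ENV = {
    "JAVA_HOME": "/opt/java/openjdk",
    "FLINK_HOME": "/opt/flink",
    "DB_PASSWORD": "example-password",
    "S3_SECRET_KEY": "example-secret",
    "API_TOKEN": "example-token",
    "JDBC_URL": "jdbc:postgresql://app:example-password@db:5432/orders",
}
KNOWN_SECRETS = ["example-password", "example-secret", "example-token"]

SENSITIVE_WORDS = ("secret", "password")  # the two words named in the mail
ALLOW_LIST = {"JAVA_HOME", "FLINK_HOME"}  # hypothetical allow-list
MASK = "******"


def mask_by_name(env, words=SENSITIVE_WORDS):
    """Option b: hide the value when the variable name contains a keyword."""
    return {
        name: MASK if any(w in name.lower() for w in words) else value
        for name, value in env.items()
    }


def allow_listed(env, allowed=ALLOW_LIST):
    """Option c: show only variables whose names are explicitly allowed."""
    return {name: value for name, value in env.items() if name in allowed}


def hide_all(env):
    """Option d: show no environment variables at all."""
    return {}


def exposed_secrets(view, secret_values=KNOWN_SECRETS):
    """Names in a rendered view whose value still contains a known secret."""
    return sorted(
        name for name, value in view.items()
        if any(secret in value for secret in secret_values)
    )


if __name__ == "__main__":
    for label, render in (("b", mask_by_name), ("c", allow_listed), ("d", hide_all)):
        view = render(SAMPLE_ENV)
        print(f"option {label}: shown={sorted(view)} exposed={exposed_secrets(view)}")
```

With this input the name heuristic still shows `API_TOKEN` and the credential embedded in `JDBC_URL`, while the allow-list and the show-nothing default expose neither.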