Hey Konstantin,

I'd be in favor of not printing them at all, i.e. option (d). We have the
configuration page which lists the effective config and already removes any
known secrets.

-Max

On Tue, Nov 15, 2022 at 11:26 AM Konstantin Knauf <kna...@apache.org> wrote:

> Hi all,
>
> since Flink 1.17 [1] the Flink Web UI prints *all* environment variables of
> the Taskmanager or Jobmanager hosts (Jobmanager -> Configuration ->
> Environment). Given that environment variables are often used to store
> sensitive information, I think it is wrong and dangerous to print those in
> the Flink Web UI. Specifically, thinking about how Kubernetes Secrets are
> usually injected into Pods.
>
> One could argue that anyone who can submit a Flink Job to a cluster has
> access to these environment variables anyway, but not everyone who has
> access to the Flink UI can submit a Flink Job.
>
> I see the following options:
> a) leave as is
> b) apply same obfuscation as in flink-conf.yaml based on some heuristic (no
> "secret", "password" in env var name)
> c) only print allow-listed values
> d) don't print any env vars in the web UI (at least by default)
>
> What do you think?
>
> Cheers,
>
> Konstantin
>
> [1] https://issues.apache.org/jira/browse/FLINK-28311
>
> --
> https://twitter.com/snntrable
> https://github.com/knaufk
>
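The three masking strategies Konstantin lists as options (b), (c) and (d) side by side, as an added example that is not part of the thread or of Flink's code base. The environment dictionary, the `SENSITIVE_NAME_PATTERN` regex and the function names are constructed for illustration; the point of `still_shown_by_heuristic` is to make visible which variables a name-based heuristic keeps displaying that an allow-list would hide.

```python
import re
from typing import Dict, Iterable, List, Pattern

# Constructed sample of a process environment (not captured from a real host).
SAMPLE_ENV: Dict[str, str] = {
    "JAVA_HOME": "/usr/lib/jvm/java-11",
    "DB_PASSWORD": "hunter2",
    "KAFKA_SASL_SECRET": "s3cr3t",
    "API_TOKEN": "abc123",  # sensitive, but its name contains neither "secret" nor "password"
    "FLINK_PROPERTIES": "taskmanager.numberOfTaskSlots: 2",
}

REDACTED = "******"

# Option (b): mask values whose *name* looks sensitive. The pattern is an
# assumption modelled on the "secret"/"password" heuristic mentioned in the thread.
SENSITIVE_NAME_PATTERN: Pattern[str] = re.compile(r"secret|password", re.IGNORECASE)


def redact_by_heuristic(env: Dict[str, str],
                        pattern: Pattern[str] = SENSITIVE_NAME_PATTERN) -> Dict[str, str]:
    """Keep every key, but replace the value where the key matches the pattern."""
    return {k: (REDACTED if pattern.search(k) else v) for k, v in env.items()}


def redact_by_allow_list(env: Dict[str, str], allow: Iterable[str]) -> Dict[str, str]:
    """Option (c): show only explicitly allow-listed keys; drop everything else."""
    allowed = set(allow)
    return {k: v for k, v in env.items() if k in allowed}


def redact_all(env: Dict[str, str]) -> Dict[str, str]:
    """Option (d): the UI shows no environment variables at all."""
    return {}


def still_shown_by_heuristic(env: Dict[str, str], allow: Iterable[str],
                             pattern: Pattern[str] = SENSITIVE_NAME_PATTERN) -> List[str]:
    """Keys the heuristic would still display in clear that an allow-list would hide.

    This is the gap a reviewer should inspect before choosing option (b): every
    key returned here is shown to any UI user purely because of how it is named.
    """
    allowed = set(allow)
    masked = redact_by_heuristic(env, pattern)
    return [k for k, v in masked.items() if v != REDACTED and k not in allowed]


if __name__ == "__main__":
    allow = ["JAVA_HOME"]
    print("option (b):", redact_by_heuristic(SAMPLE_ENV))
    print("option (c):", redact_by_allow_list(SAMPLE_ENV, allow))
    print("option (d):", redact_all(SAMPLE_ENV))
    print("shown by (b) but not by (c):", still_shown_by_heuristic(SAMPLE_ENV, allow))
```

Running the block shows why the heuristic in (b) is the weakest of the three: `API_TOKEN` passes through unmasked because the decision is made on the variable name alone, whereas the allow-list in (c) and the default-off behaviour in (d) fail closed.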
