[
https://issues.apache.org/jira/browse/KAFKA-14115?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
David Arthur resolved KAFKA-14115.
----------------------------------
Assignee: David Arthur (was: Prem Kamal)
Resolution: Fixed
> Password configs are logged in plaintext in KRaft
> -------------------------------------------------
>
> Key: KAFKA-14115
> URL: https://issues.apache.org/jira/browse/KAFKA-14115
> Project: Kafka
> Issue Type: Bug
> Components: kraft
> Reporter: David Arthur
> Assignee: David Arthur
> Priority: Critical
> Fix For: 3.3.0, 3.4.0, 3.2.2
>
>
> While investigating KAFKA-14111, I also noticed that
> ConfigurationControlManager is logging sensitive configs in plaintext at INFO
> level.
> {code}
> [2022-07-27 12:14:09,927] INFO [Controller 1] ConfigResource(type=BROKER,
> name='1'): set configuration listener.name.external.ssl.key.password to bar
> (org.apache.kafka.controller.ConfigurationControlManager)
> {code}
> Once this new config reaches the broker, it is logged again, but this time it
> is redacted
> {code}
> [2022-07-27 12:14:09,957] INFO [BrokerMetadataPublisher id=1] Updating broker
> 1 with new configuration : listener.name.external.ssl.key.password ->
> [hidden] (kafka.server.metadata.BrokerMetadataPublisher)
> {code}
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
