Note that we already mask password related config values[1]. The issue is
that it only happens after parsing, and the output of `logUnused` is based
on the `originals` map, which has the values before parsing:

public void logUnused() {
    for (String key : unused())
        log.warn("The configuration {} = {} was supplied but isn't a known config.", key, this.originals.get(key));
}

Ismael

[1]
https://github.com/apache/kafka/commit/ab5ac264a71d7f895b21b4acfd93d9581dabd7c1

On Wed, Aug 17, 2016 at 12:55 PM, Manikumar Reddy <manikumar.re...@gmail.com> wrote:

> During server/client startup, we are logging all the supplied configs. Maybe
> we can just mask the password related config values for both valid/invalid
> configs.
>
> On Wed, Aug 17, 2016 at 5:14 PM, Jaikiran Pai <jai.forums2...@gmail.com>
> wrote:
>
> > Any opinion about this proposed change?
> >
> > -Jaikiran
> >
> > On Tuesday 16 August 2016 02:28 PM, Jaikiran Pai wrote:
> >
> >> We are using 0.9.0.1 of Kafka (Java) libraries for our Kafka consumers
> >> and producers. In one of our consumers, our consumer config had an SSL
> >> specific property which ended up being used against a non-SSL Kafka broker
> >> port. As a result, the logs ended up seeing messages like:
> >>
> >> 17:53:33,722  WARN [o.a.k.c.c.ConsumerConfig] - The configuration
> >> *ssl.truststore.password = foobar* was supplied but isn't a known config.
> >>
> >> The log message is fine and makes sense, but can Kafka please not log the
> >> values of the properties and instead just include the config name which it
> >> considers as unknown? That way it won't end up logging these potentially
> >> sensitive values. I understand that only those with access to these log
> >> files can end up seeing these values but even then some of our internal
> >> processes forbid logging such sensitive information to the logs. This log
> >> message will still end up being useful if only the config name is logged
> >> without the value.
> >>
> >> Can I add this as a JIRA and provide a patch?
> >>
> >> -Jaikiran
> >>
> >
> >
>
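
The three logging behaviours discussed in this thread, side by side, as an added example that is not code from Kafka or from any of the posters. The class UnusedConfigLogging, its Mode enum, the "[hidden]" mask text and the key example.api.token are hypothetical; the sample property values are constructed, apart from the password value taken from the log line quoted above.

```java
import java.util.*;

// Hypothetical stand-in for a client config class; not Kafka's own code.
public class UnusedConfigLogging {
    enum Mode { RAW, MASK_BY_NAME, NAME_ONLY }

    static final String HIDDEN = "[hidden]";          // mask text, an assumption
    private final Map<String, String> originals;      // raw values, before parsing
    private final Set<String> used = new HashSet<>(); // keys the client actually read

    UnusedConfigLogging(Map<String, String> supplied) { originals = new LinkedHashMap<>(supplied); }

    String get(String key) { used.add(key); return originals.get(key); }

    Set<String> unused() {
        Set<String> keys = new LinkedHashSet<>(originals.keySet());
        keys.removeAll(used);
        return keys;
    }

    // Builds the warning text for every unused key under the chosen policy.
    List<String> warnings(Mode mode) {
        List<String> out = new ArrayList<>();
        for (String key : unused()) {
            String shown;
            switch (mode) {
                case RAW:          // value straight from originals, as in logUnused above
                    shown = " = " + originals.get(key); break;
                case MASK_BY_NAME: // hide values whose key name mentions "password"
                    boolean secret = key.toLowerCase(Locale.ROOT).contains("password");
                    shown = " = " + (secret ? HIDDEN : originals.get(key)); break;
                default:           // NAME_ONLY: no value ever reaches the log
                    shown = "";
            }
            out.add("The configuration " + key + shown + " was supplied but isn't a known config.");
        }
        return out;
    }

    public static void main(String[] args) {
        Map<String, String> props = new LinkedHashMap<>();
        props.put("bootstrap.servers", "localhost:9092");       // constructed sample
        props.put("ssl.truststore.password", "foobar");         // value from the quoted log line
        props.put("example.api.token", "constructed-token");    // hypothetical key, constructed value
        UnusedConfigLogging cfg = new UnusedConfigLogging(props);
        cfg.get("bootstrap.servers");                           // the only key that gets used
        for (Mode m : Mode.values()) {
            System.out.println("-- " + m);
            cfg.warnings(m).forEach(System.out::println);
        }
    }
}
```

In this stand-in, MASK_BY_NAME hides the truststore password but still prints the token value, because an unrecognised key carries nothing but its name to judge it by; NAME_ONLY prints neither.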
