[jira] [Updated] (FLINK-36456) Improve Security in DatadogHttpReporterFactory by providing ENV alternative to retrieve API key

Raul Garcia (Jira) Wed, 09 Oct 2024 08:57:23 -0700


     [ 
https://issues.apache.org/jira/browse/FLINK-36456?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]


Raul Garcia updated FLINK-36456:
--------------------------------
    Component/s: Runtime / Configuration
                     (was: Runtime / Metrics)

> Improve Security in DatadogHttpReporterFactory by providing ENV alternative 
> to retrieve API key
> -----------------------------------------------------------------------------------------------
>
>                 Key: FLINK-36456
>                 URL: https://issues.apache.org/jira/browse/FLINK-36456
>             Project: Flink
>          Issue Type: Improvement
>          Components: Runtime / Configuration
>            Reporter: Raul Garcia
>            Priority: Minor
>
> The current implementation of the {{DatadogHttpReporterFactory}} class 
> retrieves the Datadog API key from the Flink configuration. In Kubernetes 
> environments, this typically means storing the API key in ConfigMaps, which 
> can expose sensitive information in plain text. Since ConfigMaps are not 
> designed to hold secrets, this approach poses potential security risks.
> My proposal is to fallback to {{DD_API_KEY}} which is the standard way of 
> passing the API key to containers and it's usually available in the 
> environment.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Updated] (FLINK-36456) Improve Security in DatadogHttpReporterFactory by providing ENV alternative to retrieve API key

Reply via email to