David Arthur created KAFKA-14115:
------------------------------------

             Summary: Password configs are logged in plaintext in KRaft
                 Key: KAFKA-14115
                 URL: https://issues.apache.org/jira/browse/KAFKA-14115
             Project: Kafka
          Issue Type: Bug
            Reporter: David Arthur
             Fix For: 3.3.0, 3.4.0

While investigating KAFKA-14111, I also noticed that 
ConfigurationControlManager is logging sensitive configs in plaintext at INFO 
level.


{code}
[2022-07-27 12:14:09,927] INFO [Controller 1] ConfigResource(type=BROKER, 
name='1'): set configuration listener.name.external.ssl.key.password to bar 
(org.apache.kafka.controller.ConfigurationControlManager)
{code}

Once this new config reaches the broker, it is logged again, but this time it 
is redacted.

{code}
[2022-07-27 12:14:09,957] INFO [BrokerMetadataPublisher id=1] Updating broker 1 
with new configuration : listener.name.external.ssl.key.password -> [hidden] 
(kafka.server.metadata.BrokerMetadataPublisher)
{code}



--
This message was sent by Atlassian Jira
(v8.20.10#820010)
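
As an added example (not part of the original report and not Kafka's own code): a scanner that reads controller logs for `set configuration` lines of the shape quoted above and reports secret-looking keys that were written with an unredacted value, so those secrets can be rotated. The suffix list, the function name and every sample line other than the first are assumptions constructed for illustration.

```python
import re

# Shape of the controller line quoted in the report (one physical line in the log).
SET_CONFIG = re.compile(
    r"^\[(?P<ts>[^\]]+)\] INFO \[Controller (?P<node>\d+)\] "
    r"ConfigResource\(type=(?P<rtype>\w+), name='(?P<rname>[^']*)'\): "
    r"set configuration (?P<key>\S+) to (?P<value>.*) "
    r"\(org\.apache\.kafka\.controller\.ConfigurationControlManager\)$"
)
# Assumption: key suffixes treated as secret-bearing; extend for your own configs.
SENSITIVE_SUFFIXES = (".password", ".secret", "sasl.jaas.config")
# Redaction marker as it appears in the broker line quoted in the report.
REDACTED = "[hidden]"


def find_exposures(lines):
    """Return one finding per sensitive key logged unredacted.

    The secret value itself is never copied into the result.
    """
    findings = []
    for lineno, line in enumerate(lines, start=1):
        m = SET_CONFIG.match(line.strip())
        if m is None:
            continue  # not a controller "set configuration" line
        if not m["key"].lower().endswith(SENSITIVE_SUFFIXES):
            continue  # ordinary config, nothing to rotate
        if m["value"] == REDACTED:
            continue  # already redacted
        findings.append({"line": lineno, "timestamp": m["ts"], "controller": m["node"],
                         "resource": f"{m['rtype']}:{m['rname']}", "key": m["key"]})
    return findings


# Constructed sample: entry 1 is the report's controller line rejoined, entry 3 its
# broker line; entries 2 and 4 are invented for the test.
_C = "(org.apache.kafka.controller.ConfigurationControlManager)"
SAMPLE = [
    "[2022-07-27 12:14:09,927] INFO [Controller 1] ConfigResource(type=BROKER, name='1'): "
    "set configuration listener.name.external.ssl.key.password to bar " + _C,
    "[2022-07-27 12:14:10,101] INFO [Controller 1] ConfigResource(type=BROKER, name='1'): "
    "set configuration log.retention.ms to 1000 " + _C,
    "[2022-07-27 12:14:09,957] INFO [BrokerMetadataPublisher id=1] Updating broker 1 with new "
    "configuration : listener.name.external.ssl.key.password -> [hidden] "
    "(kafka.server.metadata.BrokerMetadataPublisher)",
    "[2022-07-27 12:15:00,000] INFO [Controller 1] ConfigResource(type=BROKER, name='1'): "
    "set configuration ssl.keystore.password to [hidden] " + _C,
]

if __name__ == "__main__":
    for f in find_exposures(SAMPLE):
        print(f"line {f['line']} {f['timestamp']} {f['resource']} exposed {f['key']}")
```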
