export SSL_PASSWORD=secret flink run -yDsecurity.ssl.rest.*-password=$SSL_PASSWORD ... app.jar
Such way the code which starts the workload can store the passwords in a centrally protected area. This still can be hacked but at least not stored in plain text file. BR, G On Tue, Jan 18, 2022 at 10:18 AM 狗嗖 <1074768...@qq.com> wrote: > Hello, > security.ssl.rest.*-password and s3.secret.key are parameters in > flink-conf.xml that can only be set with plain text, which may lead to > password leak. Can anyone provide some other extended capabilities that > allow developers to configure cipher text and specify classes and methods > to decrypt it? Like all user needs to do is provide an encrypted password, > a class file or JAR package that helps decryption, and place them in flink > classpath. > Thanks, > Jerry >
