Florian Szabo created FLINK-20055:
-------------------------------------
Summary: Datadog API Key exposed in Flink JobManager logs
Key: FLINK-20055
URL:
https://issues.apache.org/jira/browse/FLINK-20055 Project: Flink
Issue Type: Improvement
Components: Runtime / Configuration
Affects Versions: 1.11.2, 1.9.1
Reporter: Florian Szabo
When Flink is set up to report metrics to Datadog, the JobManager log containe the Datadog API key in plain format. In fact it shows up in two different places:
{code:java}
2020-08-03 09:03:19,400 INFO org.apache.flink.configuration.GlobalConfiguration - Loading configuration property: metrics.reporter.dghttp.apikey, <REDACTED-KEY>
...
2020-08-03 09:03:20,437 INFO org.apache.flink.runtime.metrics.ReporterSetup - Configuring dghttp with {apikey=<REDACTED-KEY>, tags=<...>,profile:<...>,region:<...>,env:<...>, class=org.apache.flink.metrics.datadog.DatadogHttpReporter}.
{code}
The expected behavior here should be that the API key in both places is hidden so that it does not end up in places where it should not be.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
Locked
