devshawn/kafka-gitops

kafka-gitops should never output passwords

oocx opened this issue · 2 comments

oocx commented

When I run kafka-gitops with -v, it outputs username and password in plain text:

kafka-gitops-grxt4 kafka-gitops 07:02:35.026 [main] INFO com.devshawn.kafka.gitops.config.KafkaGitopsConfigLoader - Kafka Config: {sasl.mechanism=PLAIN, sasl.jaas.config=org.apache.kafka.common.security.plain.PlainLoginModule required username="my-username" password="my-password";, bootstrap.servers=..., sasl.enabled.mechanisms=PLAIN, client.id=kafka-gitops}

If I run kafka-gitops as part of a job in our Kubernetes cluster, the password will end up in our log files.

kafka-gitops should never print credentials to avoid leaking them to logs.

Duplicates #93

@oocx If you're still interested, this issue should have been fixed in https://github.com/joschi/kafka-gitops/releases/tag/0.2.16.
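The following is an added example, not kafka-gitops code and not the change shipped in the release linked above: one way to mask secrets in a Kafka client config map before it is passed to a logger. The class `RedactedKafkaConfig` and the method `redact` are hypothetical names, and the sample config is constructed to mirror the log line quoted in the issue.

```java
import java.util.Map;
import java.util.Set;
import java.util.TreeMap;
import java.util.regex.Pattern;

public class RedactedKafkaConfig {
    // Standard Kafka client settings whose entire value is a secret.
    private static final Set<String> SECRET_KEYS = Set.of(
            "ssl.key.password", "ssl.keystore.password", "ssl.truststore.password");

    // Matches password=... inside a JAAS config string, quoted (with escapes) or bare.
    private static final Pattern JAAS_PASSWORD = Pattern.compile(
            "(?i)\\b(password)\\s*=\\s*(\"(?:[^\"\\\\]|\\\\.)*\"|[^\\s;]+)");

    // Returns a copy that is safe to log; the input map is left untouched.
    static Map<String, Object> redact(Map<String, ?> config) {
        Map<String, Object> safe = new TreeMap<>();
        for (Map.Entry<String, ?> e : config.entrySet()) {
            String key = e.getKey();
            Object value = e.getValue();
            if (SECRET_KEYS.contains(key)) {
                safe.put(key, "[redacted]");
            } else if (key.endsWith("sasl.jaas.config") && value != null) {
                // endsWith also covers listener-prefixed variants of the key.
                safe.put(key, JAAS_PASSWORD.matcher(value.toString())
                        .replaceAll("$1=[redacted]"));
            } else {
                safe.put(key, value);
            }
        }
        return safe;
    }

    public static void main(String[] args) {
        // Constructed sample with the same shape as the config in the issue.
        Map<String, String> config = Map.of(
                "sasl.mechanism", "PLAIN",
                "sasl.jaas.config",
                "org.apache.kafka.common.security.plain.PlainLoginModule required "
                        + "username=\"my-username\" password=\"my-password\";",
                "client.id", "kafka-gitops");
        // Log the redacted copy, never the raw map.
        System.out.println("Kafka Config: " + redact(config));
    }
}
```

The username is left visible here; add it to the pattern if account names are also considered sensitive in your logs.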