AbsaOSS / ABRiS

Avro SerDe for Apache Spark structured APIs.
Apache License 2.0

Schema Registry credentials should not be printed in the Spark plan #212

Closed kevinwallimann closed 3 years ago

kevinwallimann commented 3 years ago

Currently, schema registry credentials can be leaked in the spark plan, like this image

Obviously, this is a security risk.

The values of the specific keys containing passwords should be redacted, namely schema.registry.basic.auth.user.info, basic.auth.user.info, and bearer.auth.token. Another option is not to print the whole schema registry conf at all since arguably the schema registry config is not relevant for the analysis of the spark plan
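The first option described in this comment (redacting the named keys in the rendered config rather than dropping the whole config) as an added example; this is not ABRiS code, and the `SchemaRegistryConfig` class and the sample values are constructed stand-ins for whatever `FromAvroConfig` renders into the plan:

```scala
// Added example (not ABRiS code): a config wrapper whose toString redacts the
// credential keys named in this issue before the value reaches the Spark plan.
object RedactedConfigExample {
  // Keys called out in the issue; treating exactly these as sensitive is an
  // assumption of this example.
  private val SensitiveKeys: Set[String] = Set(
    "schema.registry.basic.auth.user.info",
    "basic.auth.user.info",
    "bearer.auth.token")

  // Hypothetical stand-in for a config class like FromAvroConfig.
  final case class SchemaRegistryConfig(params: Map[String, String]) {
    // Only the redacted view is ever rendered (plan, logs, debug output); the
    // raw map stays available to the code that actually talks to the registry.
    override def toString: String =
      params.toSeq.sortBy(_._1).map { case (k, v) =>
        val shown = if (SensitiveKeys.contains(k)) "***" else v
        s"$k=$shown"
      }.mkString("SchemaRegistryConfig(", ", ", ")")
  }

  def main(args: Array[String]): Unit = {
    // Constructed sample values; not real credentials.
    val cfg = SchemaRegistryConfig(Map(
      "schema.registry.url" -> "http://schema-registry:8081",
      "basic.auth.credentials.source" -> "USER_INFO",
      "schema.registry.basic.auth.user.info" -> "user:secret"))
    println(cfg)
    // The secret must never appear in the rendered form.
    assert(!cfg.toString.contains("secret"))
    // Non-sensitive keys are still visible for plan analysis.
    assert(cfg.toString.contains("schema.registry.url=http://schema-registry:8081"))
  }
}
```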

cerveada commented 3 years ago

Is this a log in Abris? Or who is printing this?

kevinwallimann commented 3 years ago

I took the screenshot from the SQL tab of a streaming query in spark history. It's not a direct log in Abris, but I suspect that it's the default toString implementation of FromAvroConfig or sth like that