omarsmak / kafka-consumer-lag-monitoring

Client tool that exports the consumer lag of Kafka consumer groups to Prometheus or your terminal
MIT License
51 stars 13 forks

MonitoringEngine.kt leaks passwords #36

Open colinleroy opened 1 year ago

colinleroy commented 1 year ago

Describe the bug
The logging of Kafka Configs / Components configs leaks passwords.

To Reproduce
Steps to reproduce the behavior: configure something like

kafka.sasl.jaas.config=org.apache.kafka.common.security.scram.ScramLoginModule required \
  username="monitoring" \
  password="very-secret-password";
kafka.ssl.truststore.password=another-password

kafka-consumer-lag-monitoring logs Kafka Configs as

Kafka Configs: {ssl.truststore.password=another-password, security.protocol=SASL_SSL, ssl.endpoint.identification.algorithm=, ssl.truststore.location=/etc/ssl/certs/java/cacerts, bootstrap.servers=..., sasl.mechanism=PLAIN, sasl.jaas.config=org.apache.kafka.common.security.scram.ScramLoginModule required username="monitor" password="very-secret-password";, client.id=kafka-lag-exporter, ssl.truststore.type=PKCS12}

Expected behavior
kafka-consumer-lag-monitoring logs Kafka Configs as

Kafka Configs: {ssl.truststore.password=[REDACTED], security.protocol=SASL_SSL, ssl.endpoint.identification.algorithm=, ssl.truststore.location=/etc/ssl/certs/java/cacerts, bootstrap.servers=..., sasl.mechanism=PLAIN, sasl.jaas.config=org.apache.kafka.common.security.scram.ScramLoginModule required username="monitor" password="[REDACTED]";, client.id=kafka-lag-exporter, ssl.truststore.type=PKCS12}

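One way to produce the redacted log line the report asks for, written in Kotlin because the affected file is MonitoringEngine.kt. This is an added example, not the project's code or its fix; the function names (`redactConfigs`, `redactValue`) and the two regex rules are assumptions. The point it illustrates is that masking values by key is not enough: `ssl.truststore.password` is caught by a key check, but the SASL password is embedded inside the value of `sasl.jaas.config`, so that string has to be rewritten as well.

```kotlin
// Added example (not from the project): redact secrets from a Kafka client
// config map before it is logged. Helper names are hypothetical.

const val REDACTED = "[REDACTED]"

// Rule 1: any key whose last dotted segment names a secret is masked in full
// (ssl.truststore.password, ssl.keystore.password, ssl.key.password, ...).
private val SECRET_KEY_PATTERN =
    Regex("""(^|\.)(password|passphrase|secret)$""", RegexOption.IGNORE_CASE)

// Rule 2: JAAS login-module strings carry password=... inline; mask only the
// value (quoted with ", quoted with ', or bare) and keep the rest readable.
private val JAAS_PASSWORD_PATTERN =
    Regex("""(password\s*=\s*)("[^"]*"|'[^']*'|[^\s;]+)""", RegexOption.IGNORE_CASE)

fun redactValue(key: String, value: String?): String {
    if (value == null) return "null"
    if (SECRET_KEY_PATTERN.containsMatchIn(key)) return REDACTED
    if (key.endsWith("sasl.jaas.config")) {
        return JAAS_PASSWORD_PATTERN.replace(value) { m -> "${m.groupValues[1]}\"$REDACTED\"" }
    }
    return value
}

// Returns a copy of the map that is safe to hand to a logger.
fun redactConfigs(configs: Map<String, Any?>): Map<String, String> =
    configs.mapValues { (key, value) -> redactValue(key, value?.toString()) }

fun main() {
    // Constructed sample mirroring the issue's config; all values are fake.
    val secrets = listOf("very-secret-password", "another-password")
    val configs = mapOf(
        "bootstrap.servers" to "broker:9093",
        "security.protocol" to "SASL_SSL",
        "ssl.truststore.location" to "/etc/ssl/certs/java/cacerts",
        "ssl.truststore.password" to "another-password",
        "sasl.mechanism" to "PLAIN",
        "sasl.jaas.config" to
            "org.apache.kafka.common.security.scram.ScramLoginModule required " +
            "username=\"monitor\" password=\"very-secret-password\";",
        "client.id" to "kafka-lag-exporter",
    )

    val rendered = "Kafka Configs: ${redactConfigs(configs)}"
    println(rendered)

    // The check a reviewer would want in a unit test: none of the configured
    // secrets survives into the string that reaches the log.
    for (s in secrets) {
        check(!rendered.contains(s)) { "secret leaked into log line: $s" }
    }
    check(rendered.contains("username=\"monitor\"")) { "non-secret JAAS fields should stay visible" }
}
```

Running `main` prints the map with `ssl.truststore.password=[REDACTED]` and `password="[REDACTED]"` inside the JAAS string, and the `check` calls fail the run if either raw secret appears. Note that the Kafka client's own config objects already print `Password`-typed settings such as `sasl.jaas.config` as `[hidden]` when they log their values; the leak in the report comes from logging the raw properties map directly, so the cheapest fix is to never log that map unfiltered.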
ghost commented 1 year ago

@omarsmak Are there any plans for a new release containing this fix?

omarsmak commented 1 year ago

@jeromewaibel I am trying to release. However, I am having issues with both nexus and travis (credit ran out, requested credit). If it is critical, you may need to build it locally https://github.com/omarsmak/kafka-consumer-lag-monitoring/tree/0.1.3 . Sorry