mesos-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Subodh Pachghare (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (MESOS-7292) Introduce a "sensitive mode" in Mesos which prevents leaks of sensitive data.
Date Wed, 31 May 2017 19:09:04 GMT

    [ https://issues.apache.org/jira/browse/MESOS-7292?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16031759#comment-16031759
] 

Subodh Pachghare commented on MESOS-7292:
-----------------------------------------

Just a few suggestions - 

1. Implement a encryption logic for env variables. Something like Travis CI.
2. Vault integrations into Mesos.
3. A prefix SECRET_* obfuscation of details on logs.

Thanks,
Subodh Pachghare

> Introduce a "sensitive mode" in Mesos which prevents leaks of sensitive data.
> -----------------------------------------------------------------------------
>
>                 Key: MESOS-7292
>                 URL: https://issues.apache.org/jira/browse/MESOS-7292
>             Project: Mesos
>          Issue Type: Improvement
>          Components: security
>            Reporter: Alexander Rukletsov
>              Labels: mesosphere, security
>
> Consider a following scenario. A user passes some sensitive data in an environment variable
to a task. These data may be logged by Mesos components, e.g., executor as part of {{mesos-containerizer}}
invocation. While this is useful for debugging, this might be an issue in some production
environments.
> One of the solution is to have global "sensitive mode", that turns off logging of such
sensitive data.



--
This message was sent by Atlassian JIRA
(v6.3.15#6346)

Mime
View raw message