mesos-user mailing list archives

From Vinod Kone <vinodk...@apache.org>
Subject Re: Questions about secret handling in Mesos
Date Thu, 26 Apr 2018 22:32:18 GMT
We do direct protobuf to JSON conversion for our API endpoints and I don't
think we do any special case logic for `Secret` type in that conversion. So
`value` based secrets will have their value show up in v1 (and likely v0)
API endpoints.

On Mon, Apr 23, 2018 at 9:25 AM, Zhitao Li <zhitaoli.cs@gmail.com> wrote:

> Hi Alexander,
>
> We discovered that in our own testing and thus do not plan to use the
> environment variable. For the `volume/secret` case, I believe it's possible
> to be careful enough so we do not log that, so it's more about whether we
> want to promise that.
>
> What do you think?
>
> On Mon, Apr 23, 2018 at 5:13 AM, Alexander Rojas <alexander@mesosphere.io>
> wrote:
>
>>
>> Hey Zhitao,
>>
>> I sadly have to tell you that the first assumption is not correct. If you
>> use environment based secrets, docker and verbose mode, they will get
>> printed (see this patch https://reviews.apache.org/r/57846/). The reason
>> is that the docker command will get logged and it might contain your
>> secrets. You may end up with some logging line like:
>>
>> ```
>> I0129 14:09:22.444318 docker.cpp:1139] Running docker -H
>> unix:///var/run/docker.suck run --cpu-shares 25 --memory 278435456 -e
>> ADMIN_PASSWORD=test_password …
>> ```
>>
>> On 19. Apr 2018, at 19:57, Zhitao Li <zhitaoli.cs@gmail.com> wrote:
>>
>> Hello,
>>
>> We at Uber plan to use volume/secret isolator to send secrets from Uber
>> framework to Mesos agent.
>>
>> For this purpose, we are referring to these documents:
>>
>>    - File based secrets design doc
>>    <https://docs.google.com/document/d/18raiiUfxTh-JBvjd6RyHe_TOScY87G_bMi5zBzMZmpc/edit#>
>>    and slides
>>    <http://schd.ws/hosted_files/mesosconasia2017/70/Secrets%20Management%20in%20Mesos.pdf>
>>    .
>>    - Apache Mesos secrets documentation
>>    <http://mesos.apache.org/documentation/latest/secrets/>
>>
>> Could you please confirm that the following assumptions are correct?
>>
>>    - Mesos agent and master will never log the secret data at any
>>    logging level;
>>    - Mesos agent and master will never expose the secret data as part of
>>    any API response;
>>    - Mesos agent and master will never store the secret in any
>>    persistent storage, but only on tmpfs or ramfs;
>>    - When the secret is first downloaded on the mesos agent, it will be
>>    stored as "root" on the tmpfs/ramfs before being mounted in the container
>>    ramfs.
>>
>> If the above assumptions are true, then I would like to see them documented
>> as part of the Apache Mesos secrets documentation
>> <http://mesos.apache.org/documentation/latest/secrets/>. Otherwise, we'd
>> like to have a design discussion with the maintainer of the isolator.
>>
>> We appreciate your help regarding this. Thanks!
>>
>> Regards,
>> Aditya And Zhitao
>>
>
> --
> Cheers,
>
> Zhitao Li
>
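Added example, not code from the thread or from Mesos: the two leak paths discussed above, a `-e KEY=VALUE` argument in a logged docker command line and a value-based `Secret` surviving a straight protobuf-to-JSON dump, with the values redacted before the line is logged or the JSON is served. The JSON shape, field names and sample inputs are assumptions modelled on the Mesos `Secret` message.

```python
"""Redaction helpers for the two leak paths in the thread: secrets passed to
`docker run -e KEY=VALUE` ending up in agent logs, and VALUE-typed `Secret`
messages surviving a direct protobuf-to-JSON dump. The JSON shape below is an
assumption modelled on Mesos' Secret message, not Mesos' own code."""
import json
import re
from typing import Any

REDACTED = "<REDACTED>"

# Matches `-e KEY=VALUE`, `--env KEY=VALUE` and `--env=KEY=VALUE` in a command line.
_ENV_FLAG = re.compile(r"(?P<flag>(?:-e|--env)[ =])(?P<key>[A-Za-z_][A-Za-z0-9_]*)=(?P<val>\S*)")

def redact_docker_cmd(line: str) -> str:
    """Keep the variable names (useful for debugging) but drop every value."""
    return _ENV_FLAG.sub(lambda m: f"{m['flag']}{m['key']}={REDACTED}", line)

def redact_secrets(obj: Any) -> Any:
    """Walk a JSON-like structure and blank `value.data` of any VALUE-typed
    Secret. REFERENCE-typed secrets only carry a name and are left untouched."""
    if isinstance(obj, dict):
        if obj.get("type") == "VALUE" and isinstance(obj.get("value"), dict) and "data" in obj["value"]:
            return {**obj, "value": {**obj["value"], "data": REDACTED}}
        return {k: redact_secrets(v) for k, v in obj.items()}
    if isinstance(obj, list):
        return [redact_secrets(v) for v in obj]
    return obj

# Constructed sample inputs (not real agent logs or task definitions).
SAMPLE_LOG = ("I0129 14:09:22.444318 docker.cpp:1139] Running docker -H unix:///var/run/docker.sock "
              "run --cpu-shares 25 --memory 278435456 -e ADMIN_PASSWORD=test_password "
              "--env=DB_URL=postgres://u:p@db/app -e PLAIN=1 image:tag")
SAMPLE_TASK = {
    "environment": {"variables": [
        {"name": "ADMIN_PASSWORD", "type": "SECRET",
         "secret": {"type": "VALUE", "value": {"data": "dGVzdF9wYXNzd29yZA=="}}},
        {"name": "TOKEN", "type": "SECRET",
         "secret": {"type": "REFERENCE", "reference": {"name": "/prod/token"}}},
    ]},
    "container": {"volumes": [{"container_path": "/etc/creds", "mode": "RO",
        "source": {"type": "SECRET",
                   "secret": {"type": "VALUE", "value": {"data": "c2VjcmV0"}}}}]},
}

if __name__ == "__main__":
    print(redact_docker_cmd(SAMPLE_LOG))
    print(json.dumps(redact_secrets(SAMPLE_TASK), indent=2))
```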
