kafka-ui icon indicating copy to clipboard operation
kafka-ui copied to clipboard

Published 20 hours ago verified publisher icon kafbat

Wizard: Mask credentials

Open Haarolean opened this issue 1 year ago • 4 comments

Discussed in https://github.com/kafbat/kafka-ui/discussions/647

Originally posted by AayushSaini101 November 6, 2024 Screenshot 2024-11-05 at 11 01 22 AM Hi team, we are running kafka ui in the docker and in future planning to host it so that other team can use it, but the credentials are clearly visible is there way to mask the credentials thanks

Haarolean avatar Nov 11 '24 14:11 Haarolean

@Haarolean Can you please prioritize this issue ?

AayushSaini101 avatar Nov 12 '24 06:11 AayushSaini101

Did you by any chance opted for following property ? DYNAMIC_CONFIG_ENABLED="true"

autometa101 avatar Nov 13 '24 12:11 autometa101

@autometa101 Thanks for a great point. Disabling dynamic configuration will prevent users from viewing secrets and credentials, but it will require using static configurations through server environment variables or a config file.

Masking secret fields is not a straightforward task, as secrets can appear in unstructured strings or properties, which is quite common in Kafka configurations.

In the future, I’d like to enable runtime secret retrieval from secure sources like Vault or AWS Secrets Manager. However, this would require significant effort, so I plan to postpone this feature and carefully consider its implementation before moving forward.

germanosin avatar Feb 24 '25 20:02 germanosin

@germanosin Yes, I use Terraform to pass configuration and avoid setting dynamic properties. P.S. Masking secret fields is absolutely essential for production servers.

autometa101 avatar Feb 25 '25 04:02 autometa101