Ingestion framework logs plaintext passwords on error

Open jasonstitt opened this issue 10 months ago • 0 comments

Affected module

Ingestion Framework

Describe the bug

Upon an error, the ingestion framework can log the contents of the configuration YAML file, which contains passwords in plaintext, such as the database password, and the bot JWT.

To Reproduce

Set up custom ingestion as documented. Run metadata ingest -c "config.yaml" with a config.yaml that contains an erroneous value.

Expected behavior

Any one of:

  1. The config file can contain env var references instead of secrets
  2. The config file is not logged
  3. The config file is logged with redaction

Version:

  • OS: linux
  • Python version: 3.11
  • OpenMetadata version: 1.3.2
  • OpenMetadata Ingestion package version: openmetadata-ingestion = {extras = ["postgres"], version = "^1.3.2.0"}

jasonstitt • Apr 17 '24 16:04
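
One way to get the third expected behavior (logging the config with redaction), as an added example that is not OpenMetadata's code. The function names, the key-name patterns and the sample config are assumptions constructed for illustration:

```python
import json
import re

# Assumed key-name patterns that mark a value as secret. Deliberately broad:
# over-redacting a harmless key is cheaper than leaking a credential.
SENSITIVE_KEY = re.compile(r"(pass|secret|token|jwt|private_?key|api_?key)", re.I)
# Credentials embedded in a URL value, e.g. scheme://user:pass@host
URL_CREDENTIALS = re.compile(r"(?P<head>[a-z][a-z0-9+.-]*://[^:/@\s]+:)[^@\s]+@", re.I)
MASK = "********"


def redact(node, key=""):
    """Return a redacted copy of a parsed config; the input is not modified."""
    if SENSITIVE_KEY.search(key) and node is not None:
        return MASK  # mask the whole subtree under a secret-looking key
    if isinstance(node, dict):
        return {k: redact(v, str(k)) for k, v in node.items()}
    if isinstance(node, list):
        return [redact(item, key) for item in node]
    if isinstance(node, str):
        return URL_CREDENTIALS.sub(lambda m: m.group("head") + MASK + "@", node)
    return node


def safe_dump(config):
    """Serialize a config for log output with secrets masked."""
    return json.dumps(redact(config), indent=2, sort_keys=True)


# Constructed sample, shaped like an ingestion workflow YAML after parsing.
SAMPLE_CONFIG = {
    "source": {
        "type": "postgres",
        "serviceConnection": {"config": {
            "username": "ingest",
            "authType": {"password": "s3cr3t-db-pw"},
            "hostPort": "db.example.internal:5432",
        }},
    },
    "workflowConfig": {"openMetadataServerConfig": {
        "hostPort": "http://localhost:8585/api",
        "securityConfig": {"jwtToken": "eyJ.constructed.token"},
    }},
}

if __name__ == "__main__":
    # On a validation error, log the redacted form instead of the raw config.
    print(safe_dump(SAMPLE_CONFIG))
```

Key-name matching misses secrets stored under unexpected keys, so it complements keeping secrets out of the file (the first expected behavior) and does not replace it.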