The Vertica Forum recently got a makeover! Let us know what you think by filling out this short, anonymous survey.
Please take this survey to help us learn more about how you use third party tools. Your input is greatly appreciated!
9.3.1. Kafka scheduler and SASL_PLAINTEXT credentials
LauriPessi
Vertica Customer ✭
Is there a preferred approach for passing SASL_PLAINTEXT username & password to vkconfig?
Documentation suggests setting sasl.username and sasl.password to rdkafka via kafka_conf -parameter, but these expose the credentials to logs as cleartext with COPY commands generated by the scheduler.
Tagged:
0
Best Answers
-
SergeB
- Select Field - Employee
That's the only mechanism to pass these parameters at the moment. I will log an enhancement request to obfuscate the password in the logs (as is done for other sensitive parameters.
0 -
SergeB
- Select Field - Employee
This has been addressed in 12.0.4, there is now an extra parameter called kafka_conf_secret where you can put sensitive configuration options such as sasl.password. see: https://docs.vertica.com/12.0.x/en/new-features/12.0.4/kafka-integration/
1
Answers
We're now 2 major versions (v11.1.1-11) ahead of this discussion, the format of kafka_conf has changed to json but sasl.password passed with kafka_conf still seems to end up on query_requests and vertica.log as is?
Thanks, seems that we're due for an version upgrade.