samza-dev mailing list archives

From Chris Riccomini <>
Subject Re: Storing sensitive data in the Config
Date Mon, 09 Mar 2015 23:27:13 GMT
Hey Tommy,

Yea, this has come up a few times. We don't currently have an answer for
it. The simplest thing to do would be to have a prefix. Any config with the
prefix could be stripped from the AM and logs. Another possibility is to
store the configs in an encrypted way, and have the code decrypt the
configs at runtime.

Can you open a JIRA up to track this? Do you have any other thoughts on the
best way to handle this?


On Mon, Mar 9, 2015 at 1:00 PM, Tommy Becker <> wrote:

> We have some sensitive information that we are currently storing in the
> Samza config.  Our ops guys have some concern regarding where the config is
> displayed (e.g. in logs, app master UI, etc).  I'm curious if others have
> had similar concerns and if so what you did about it.  Seems like we might
> be able to use system properties for these things, albeit at a significant
> cost to convenience.  It would be nice if it were possible to mark config
> values as sensitive (perhaps via some sort of naming convention), and have
> such values be retrievable only via explicit get on the key so these sorts
> of incidental exposures can't happen.
> --
> Tommy Becker
> Senior Software Engineer
> Digitalsmiths
> A TiVo Company

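The two ideas raised in this thread, a key prefix that marks a value as sensitive and secrets that are returned only on an explicit get, sketched as an added example that is not part of either message and is not Samza code. The class name `RedactingConfig`, the `sensitive.` prefix, the mask string and the sample keys are all assumptions made for illustration.

```java
import java.util.Collections;
import java.util.Map;
import java.util.TreeMap;

/** Added illustration; not Samza's Config class. */
public final class RedactingConfig {
    // Hypothetical naming convention: keys starting with this prefix are secret.
    static final String SENSITIVE_PREFIX = "sensitive.";
    static final String MASK = "********";

    private final Map<String, String> values;

    public RedactingConfig(Map<String, String> raw) {
        this.values = Collections.unmodifiableMap(new TreeMap<>(raw));
    }

    static boolean isSensitive(String key) {
        return key.startsWith(SENSITIVE_PREFIX);
    }

    /** Explicit lookup by key: the only path that returns a real secret. */
    public String get(String key) {
        return values.get(key);
    }

    /** View for logs, UIs and anything else that enumerates the config. */
    public Map<String, String> displayView() {
        Map<String, String> out = new TreeMap<>();
        for (Map.Entry<String, String> e : values.entrySet()) {
            out.put(e.getKey(), isSensitive(e.getKey()) ? MASK : e.getValue());
        }
        return Collections.unmodifiableMap(out);
    }

    /** toString is what ends up in log lines, so it must use the masked view. */
    @Override
    public String toString() {
        return displayView().toString();
    }

    public static void main(String[] args) {
        // Constructed sample config; keys and values are made up.
        Map<String, String> raw = new TreeMap<>();
        raw.put("job.name", "example-job");
        raw.put("sensitive.db.password", "constructed-secret");
        RedactingConfig cfg = new RedactingConfig(raw);
        System.out.println("logged: " + cfg);
        System.out.println("explicit get length: " + cfg.get("sensitive.db.password").length());
    }
}
```

Masking at display time does not protect the value where the config is stored or transmitted; the encrypted-config option mentioned in the reply addresses that separately.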