support redact SHOW CREATE on demand #14115

Closed
zwang28 opened this issue Dec 21, 2023 · 9 comments
@zwang28
Contributor

zwang28 commented Dec 21, 2023

Is your feature request related to a problem? Please describe.

Sensitive properties of source/sink, e.g. s3.credentials.secret and schema.registry.password, should be redacted before being included in text that may be shared, e.g. show create source/sink/table, diagnostic report.

#12673

Describe the solution you'd like

No response

Describe alternatives you've considered

No response

Additional context

@zwang28 zwang28 self-assigned this Dec 21, 2023
@github-actions github-actions bot added this to the release-1.6 milestone Dec 21, 2023
@zwang28 zwang28 changed the title support redact source/sink properties on demand support redact SHOW CREATE on demand Dec 23, 2023
@xxchan
Member

xxchan commented Dec 26, 2023

How is this related with #7034?

@zwang28
Contributor Author

zwang28 commented Dec 27, 2023

> How is this related with #7034?

Please ignore that. Previously I thought changes on persisted catalog were required, but it turns out to be wrong.

@fuyufjh
Member

fuyufjh commented Mar 5, 2024

Hi, @zwang28 any progress?

@zwang28
Contributor Author

zwang28 commented Mar 5, 2024

> Hi, @zwang28 any progress?

#14760 adds a helper function to redact a SQL string. It's under review.

With regard to its call site, I intended to:

  • Always redact in diagnostic report.
  • Because sometimes the user does want to view the secrets, show create should be optionally redacted, e.g. only the object owner can view the plain text.
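
The call-site policy described in the comment above, as an added Rust example that is not part of the thread and is not the helper from #14760. The suffix list, the `Output` enum, `render`, the `[REDACTED]` marker and the sample statement are assumptions made for illustration.

```rust
// Added illustration, not RisingWave code. Assumption: a key is sensitive when
// it ends in "secret" or "password" (the two property names in the issue).
const SENSITIVE_SUFFIXES: [&str; 2] = ["secret", "password"];
// Constructed sample statement; the credential values are made up.
pub const SAMPLE: &str = "CREATE SOURCE s1 WITH (connector = 's3', \
s3.credentials.secret = 'it''s-a-secret', schema.registry.password = 'hunter2') \
FORMAT PLAIN ENCODE JSON";
pub enum Output { DiagnosticReport, ShowCreate { viewer_is_owner: bool } }
/// Byte length of the literal starting `lit`; '' inside it is an escaped quote.
fn literal_len(lit: &str) -> usize {
    let (b, mut i) = (lit.as_bytes(), 1);
    while i < b.len() {
        match (b[i], b.get(i + 1).copied()) {
            (b'\'', Some(b'\'')) => i += 2,
            (b'\'', _) => return i + 1,
            _ => i += 1,
        }
    }
    b.len() // unterminated literal: treat the remainder as the value
}

/// The property key directly left of `= '<literal>'`, or "" if there is none.
fn key_before(text: &str) -> &str {
    let is_sep = |c: char| c.is_whitespace() || c == '(' || c == ',';
    text.trim_end().strip_suffix('=')
        .map_or("", |t| t.trim_end().rsplit(is_sep).next().unwrap_or(""))
}

/// Replace the value of every sensitive `key = '...'` pair with a fixed marker.
pub fn redact_sql(sql: &str) -> String {
    let (mut out, mut rest) = (String::with_capacity(sql.len()), sql);
    while let Some(start) = rest.find('\'') {
        let (before, lit) = rest.split_at(start);
        let len = literal_len(lit);
        out.push_str(before);
        let key = key_before(&out).to_ascii_lowercase();
        let hide = SENSITIVE_SUFFIXES.iter().any(|s| key.ends_with(*s));
        out.push_str(if hide { "'[REDACTED]'" } else { &lit[..len] });
        rest = &lit[len..];
    }
    out + rest
}

/// Policy from the comment: reports always redact, SHOW CREATE unless owner.
pub fn render(sql: &str, target: Output) -> String {
    if let Output::ShowCreate { viewer_is_owner: true } = target { return sql.to_string(); }
    redact_sql(sql) // fail closed for every other case
}
fn main() { println!("{}", render(SAMPLE, Output::DiagnosticReport)); }
```

Redacting by scanning string literals rather than splitting on commas keeps values that contain `,` or an escaped `''` from leaking part of the secret.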

@zwang28 zwang28 modified the milestones: release-1.7, release-1.8 Mar 6, 2024
@zwang28 zwang28 removed this from the release-1.8 milestone Apr 8, 2024
@zwang28
Contributor Author

zwang28 commented Apr 8, 2024

go for risingwavelabs/rfcs#86

@zwang28 zwang28 closed this as not planned Apr 8, 2024
@stefannegele

As SECRETS will be a premium feature (https://docs.risingwave.com/docs/dev/manage-secrets/), can we reopen this?

@xxchan
Member

xxchan commented Aug 14, 2024

I think we are not going to support this and you can use the premium edition.

@stefannegele

Sad to read. At this point, it's not my decision to use the premium edition or not.

Furthermore, I think it's just bad practice to put sensitive information in logs, even for unpaid open-source software, as it prevents people from evaluating it in a productive environment.

Sorry if this sounds demanding coming from someone who uses your software for free. I really like your product and appreciate your efforts.

@mrayees

mrayees commented Aug 15, 2024

@stefannegele Thanks for your feedback. Let me look into it.
