KIP-242 — Mask password in Kafka Connect Rest API response
Discussion Kafka 2.0.2 ConnectSecurity
Masks `PASSWORD`-type config fields in all Kafka Connect REST API responses (`/connectors/{name}`, `/connectors/{name}/config`, `/tasks`) by replacing their values with `[hidden]`. The REST API currently returns connector configurations including database passwords and secret keys in plaintext, exposing credentials to anyone with HTTP access to the Connect REST port.
Details
| Author | Vincent Meng |
| Status | Discussion |
| Kafka Version | 2.0.2 |
| JIRA | KAFKA-5117 |
| Wiki | View on Apache Wiki |
| Created | 2017-12-18 |
| Last Modified | 2018-04-12 |
Explore how this KIP affects the Kafka protocol in the Protocol Explorer, or see the full KIP database.