Hiding sensitive runtime properties in AWS Managed Apache Flink

0

Is there a way to hide sensitive runtime properties in AWS Managed Apache Flink (Amazon Kinesis Data Analytics)? They are currently displayed in plain text in the AWS console. Flink supposedly supports obfuscating properties with secret or password (https://issues.apache.org/jira/browse/FLINK-14047), but this isn't reflected in the AWS console. I haven't found any documentation showing if this is possible. If there is not a way to obfuscate these, what is the best way to get sensitive properties into the application without exposing them in plain text?

1 Answer
0

If a user has access to the Flink application, they will be able to see certain properties in plain text.

To prevent this, you can use the application properties as reference values for sensitive data stored in either AWS Systems Manager Parameter Store or AWS Secrets Manager. These reference values (e.g., DB_PASSWORD) are not sensitive by themselves.

In your application, you can retrieve these reference values from the application properties and use them to access the actual sensitive data from AWS services.

AWS
answered a month ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions