Preventing passwords from displaying in clear text in the console output and log files

author
Irshad Burtally
EnrichVersion
6.5
EnrichProdName
Talend Big Data Platform
Talend Big Data
Talend Data Integration
Talend Data Services Platform
Talend ESB
Talend Open Studio for Data Integration
Talend Data Fabric
Talend Open Studio for ESB
Talend Open Studio for MDM
Talend Real-Time Big Data Platform
Talend MDM Platform
Talend Data Management Platform
Talend Open Studio for Big Data
task
Design and Development > Designing Jobs
EnrichPlatform
Talend Studio

Preventing passwords from displaying in clear text in the console output and log files

This article describes how to prevent passwords from appearing in clear text within Talend console output and log files.

Overview

It is a good practice to obfuscate or hide passwords from console output and log files. Internal policies or industry regulations may dictate that passwords must not be visible in clear text form within log files. Certain policies allow the encrypted hash value to be displayed for the purpose of debugging, while others dictate that passwords must not appear at all.

Talend can obfuscate or exclude passwords from within Talend Studio and the log files.

Hiding passwords in the console output and log files

This sections explains how to configure your Talend Studio to hide or obfuscate passwords. The configurations are applicable to data integration jobs only.

Procedure

  1. Navigate to Project Settings and clear the Print Operations check box.
    To be safe, it is also recommended to select Disable errors, Disable warnings and Disable info to prevent any context-related information from being printed to the console output or log file. This is to avoid context variable values from being printed to the console output or log file if the context variable is not used in the job to trigger a warning, or if the value is printed just for information.
  2. If you use the tContextLoad component, set the same options as in the previous step.
  3. If you use tContextDump, select the Hide Password check box.

    If this check box is not available in your version of Talend, it is recommended to upgrade it.

    The value of the password will be hidden and asterisks will be displayed instead.

  4. Use a context variable.
    The context variable value of the Password type is encoded so that it is not in clear text. It is an obfuscation algorithm, not a one-way encryption. The password is decoded at run time before connecting to the source or target system. The password is displayed in asterisks in Talend Studio, in the console and in the log file.
  5. Click the Code tab on a Job and check if System.out.println() was hand-coded to write the value of the password to the console output and log files.
  6. Check the user-defined code routines for a hard-coded password or System.out.println() trying to write the value of the password to the console output and log files.