Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

KEP-1753: Deprecate dynamic log sanitization #3096

Merged
merged 3 commits into from
Jan 7, 2022
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
Original file line number Diff line number Diff line change
Expand Up @@ -7,6 +7,7 @@
- [Goals](#goals)
- [Non-Goals](#non-goals)
- [Proposal](#proposal)
- [Deprecation](#deprecation)
- [Risks and Mitigations](#risks-and-mitigations)
- [Performance overhead](#performance-overhead)
- [Design Details](#design-details)
Expand Down Expand Up @@ -105,6 +106,16 @@ We also propose to implement a small library which could use the above informati

Finally we propose to integrate this library with the klog logging library used by Kubernetes in a way that when enabled the log entries which contain information marked as sensitive will be redacted from the logs.

### Deprecation

Dynamic log sanitization was added as an experimental alpha feature under SIG Instrumentation in the 1.20 release. When it was introduced, the SIG had some reservations about the feature and its performance, but concluded that an alpha POC would be low risk. We encouraged exploring alternatives, and that eventually resulted in the implementation of static analysis as part of our presubmit CI to ensure secrets are not being logged. This alternative implementation has graduated to stable in the 1.23 cycle.

During SIG Instrumentation's Dec. 9 meeting, we discussed the support burden of this feature and the issues this may cause in blocking other new logging improvements. Hence, we would like to deprecate the feature in the 1.24 cycle. Since this is an alpha feature, this means it will be entirely removed.

Note that [data policy tags](#source-code-tags) will not be deprecated or removed, as they are currently in use by [KEP-1933] and may be used by other automated tools in the future.

[KEP-1933]: /keps/sig-security/1933-secret-logging-static-analysis/README.md

### Risks and Mitigations

#### Performance overhead
Expand Down Expand Up @@ -231,6 +242,7 @@ To address them we propose:

* 2020-05-08 - Original Proposal
* 2020-08-07 - Merged as provisional
* 2021-12-23 - Marked for deprecation

## Drawbacks

Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -4,14 +4,17 @@ authors:
- "@44past4"
- "@immutableT"
- "@PurelyApplied"
owning-sig: sig-security
owning-sig: sig-instrumentation
participating-sigs:
- sig-instrumentation
status: implementable
- sig-security
status: implemented (alpha)
creation-date: 2020-05-07
last-updated: 2020-10-14
stage: alpha
latest-milestone: "1.19"
stage: alpha (deprecated)
latest-milestone: "1.24"
milestone:
alpha: "v1.19"
deprecated: "v1.24"
removed: "v1.24"
reviewers:
- "@ehashman"
approvers:
Expand Down