diff --git a/Cargo.lock b/Cargo.lock index dbce3dfae9f3b..f03347d622208 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -6645,6 +6645,12 @@ dependencies = [ "zstd-sys", ] +[[package]] +name = "redact" +version = "0.1.5" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "0b97c0a6319ae55341eb213c8ef97002630a3a5bd6f287f0124d077121d3f2a5" + [[package]] name = "redis" version = "0.23.3" @@ -7753,6 +7759,7 @@ dependencies = [ "madsim-tokio", "madsim-tonic", "prometheus-http-query", + "redact", "regex", "risingwave_common", "risingwave_common_heap_profiling", diff --git a/src/cmd_all/src/standalone.rs b/src/cmd_all/src/standalone.rs index 8ebe2c7112c49..15a46d789ff3d 100644 --- a/src/cmd_all/src/standalone.rs +++ b/src/cmd_all/src/standalone.rs @@ -195,7 +195,7 @@ mod test { // Test parsing into standalone-level opts. let raw_opts = " --compute-opts=--listen-addr 127.0.0.1:8000 --total-memory-bytes 34359738368 --parallelism 10 ---meta-opts=--advertise-addr 127.0.0.1:9999 --data-directory \"some path with spaces\" --listen-addr 127.0.0.1:8001 +--meta-opts=--advertise-addr 127.0.0.1:9999 --data-directory \"some path with spaces\" --listen-addr 127.0.0.1:8001 --etcd-password 1234 --frontend-opts=--config-path=src/config/original.toml --prometheus-listener-addr=127.0.0.1:1234 --config-path=src/config/test.toml @@ -203,7 +203,7 @@ mod test { let actual = StandaloneOpts::parse_from(raw_opts.lines()); let opts = StandaloneOpts { compute_opts: Some("--listen-addr 127.0.0.1:8000 --total-memory-bytes 34359738368 --parallelism 10".into()), - meta_opts: Some("--advertise-addr 127.0.0.1:9999 --data-directory \"some path with spaces\" --listen-addr 127.0.0.1:8001".into()), + meta_opts: Some("--advertise-addr 127.0.0.1:9999 --data-directory \"some path with spaces\" --listen-addr 127.0.0.1:8001 --etcd-password 1234".into()), frontend_opts: Some("--config-path=src/config/original.toml".into()), compactor_opts: None, prometheus_listener_addr: Some("127.0.0.1:1234".into()), @@ -228,7 +228,7 @@ mod test { etcd_endpoints: "", etcd_auth: false, etcd_username: "", - etcd_password: "", + etcd_password: [REDACTED alloc::string::String], sql_endpoint: None, dashboard_ui_path: None, prometheus_endpoint: None, diff --git a/src/meta/node/Cargo.toml b/src/meta/node/Cargo.toml index 84793a74591c8..dcfa053fdfc4b 100644 --- a/src/meta/node/Cargo.toml +++ b/src/meta/node/Cargo.toml @@ -21,6 +21,7 @@ etcd-client = { workspace = true } futures = { version = "0.3", default-features = false, features = ["alloc"] } itertools = "0.11" prometheus-http-query = "0.7" +redact = "0.1.5" regex = "1" risingwave_common = { workspace = true } risingwave_common_heap_profiling = { workspace = true } diff --git a/src/meta/node/src/lib.rs b/src/meta/node/src/lib.rs index bf1bddad2070f..4be2bba4039b2 100644 --- a/src/meta/node/src/lib.rs +++ b/src/meta/node/src/lib.rs @@ -17,10 +17,12 @@ #![cfg_attr(coverage, feature(coverage_attribute))] mod server; + use std::time::Duration; use clap::Parser; pub use error::{MetaError, MetaResult}; +use redact::Secret; use risingwave_common::config::OverrideConfig; use risingwave_common::util::resource_util; use risingwave_common::{GIT_SHA, RW_VERSION}; @@ -71,7 +73,7 @@ pub struct MetaNodeOpts { /// Password of etcd, required when --etcd-auth is enabled. #[clap(long, env = "RW_ETCD_PASSWORD", default_value = "")] - etcd_password: String, + etcd_password: Secret, /// Endpoint of the SQL service, make it non-option when SQL service is required. #[clap(long, env = "RW_SQL_ENDPOINT")] @@ -196,7 +198,10 @@ pub fn start(opts: MetaNodeOpts) -> Pin + Send>> { .map(|x| x.to_string()) .collect(), credentials: match opts.etcd_auth { - true => Some((opts.etcd_username, opts.etcd_password)), + true => Some(( + opts.etcd_username, + opts.etcd_password.expose_secret().to_string(), + )), false => None, }, },