log-backup: secrets may be directly logging to log when --send-credentials-to-tikv=false not set during starting log backup #55273
Description
Bug Report
Please answer these questions before submitting your issue. Thanks!
1. Minimal reproduce step (Required)
- Start a log backup task:
$ tiup br:v8.1.0 log start -u upd-1:2379 --task-name fiolvit -s (s3altpath test)
Starting component `br`: /root/.tiup/components/br/v8.1.0/br log start -u upd-1:2379 --task-name fiolvit -s s3://astro/test?endpoint=http://minio:9000
Detail BR log in /tmp/br.log.2024-08-07T17.45.19+0800
[2024/08/07 17:45:19.859 +08:00] [INFO] [collector.go:77] ["log start"] [streamTaskInfo="{taskName=fiolvit,startTs=451680354413576193,endTS=999999999999999999,tableFilter=*.*}"] [pausing=false] [rangeCount=2]
[2024/08/07 17:45:23.269 +08:00] [INFO] [collector.go:77] ["log start success summary"] [total-ranges=0] [ranges-succeed=0] [ranges-failed=0] [backup-checksum=32.966226ms] [total-take=3.715794709s]And then, check the TiDB log.
2. What did you expect to see? (Required)
It shouldn't contain sensetive information.
3. What did you see instead (Required)
[2024/08/07 17:45:19.844 +08:00] [INFO] [advancer.go:399] ["added event"] [task="storage:<s3:<endpoint:\"http://minio:9000\" region:\"us-east-1\" bucket:\"astro\" prefix:\"test\" access_key:\"minioadmin\" secret_access_key:\"minioadmin\" force_path_style:true > > start_ts:451680354413576193 end_ts:999999999999999999 name:\"fiolvit\" table_filter:\"*.*\" compression_type:ZSTD "] [ranges="{[6D, 6E), [74, 75)}"] [current-checkpoint=451680188790996992]
Notice here, our secret key was printed:
... access_key:\"minioadmin\" secret_access_key:\"minioadmin\" ...
4. What is your TiDB version? (Required)
Current master.
Note: It is always unsafe to enable --send-credentials-to-tikv when starting log backup because: it will store the credentials to PD, and won't rotate them. Then, when the session key expired, there is no way to refresh them(Also anyone that can access PD can query them...). Authorize by IAM roles or other context of the TiKV node are more recommended in productive environment.