Skip to content

[SECURITY] Remove hardcoded default wds.linkis.crypt.key, fail-closed on insecure values#5456

Merged
casionone merged 1 commit into
apache:masterfrom
aiceflower:fix-remove-default-crypt-key
Jul 16, 2026
Merged

[SECURITY] Remove hardcoded default wds.linkis.crypt.key, fail-closed on insecure values#5456
casionone merged 1 commit into
apache:masterfrom
aiceflower:fix-remove-default-crypt-key

Conversation

@aiceflower

Copy link
Copy Markdown
Member

Summary

Remove the well-known hardcoded default cryptKey "bdp-for-server" that was shared by all Linkis deployments not explicitly configuring wds.linkis.crypt.key.

Changes

  • Default value changed from "bdp-for-server" to empty string
  • Startup validation: empty / legacy default / keys < 16 chars cause BDPInitServerException (fail-closed)
  • Escape hatch: linkis.crypt.key.allow.insecure=true (default false)
  • All instances must share the same key — generate 24+ random chars before upgrading

Affected files

  • linkis-commons/linkis-module/.../ServerConfiguration.scala (+39/-3)

Deployment impact

Scenario Behavior
cryptKey not configured Refuses to start
cryptKey = bdp-for-server Refuses to start
cryptKey = 16+ random No impact

🤖 Generated with Claude Code

…closed on insecure values

- Remove hardcoded default 'bdp-for-server' cryptKey
- Add startup validation: empty / legacy default / short keys cause fail-closed
- Add escape hatch: linkis.crypt.key.allow.insecure=true (default false)
- Add CRYPT_KEY_INSECURE error code

Reported-by: Strick Sheng, Liyi Zhou, Ziyue, Maurice, Chenchen
Co-authored-by: ASF Security review
#AI COMMIT#

@casionone casionone left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM.

@casionone
casionone merged commit bb26ad3 into apache:master Jul 16, 2026
4 of 11 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants