Proposal
- Introduce a new SPI on `Connector`:

```java
/**
 * Return the names of configuration properties for this Plugin which may contain sensitive values.
 * This will be used by the engine to mask the values for those properties to avoid leaking the values.
 */
default Set<String> getSensitiveConfigurationNames()
{
    return emptySet();
}
```

- It's the responsibility of the Plugin authors to ensure the implementation of this is kept up to date. For plugins that ship with Trino we can write a test which verifies all configs annotated with `@ConfigSecuritySensitive` are members of the set returned by `getSensitiveConfigurationNames` to help ensure the implementation is up to date.
Masking
The goal is to allow the engine to use this list to mask values for these properties from the:
- server log
- explain output
- event listener events
- error messages
The naive implementation we can start with would simply identify all occurrences of the property names and mask their values. This will include false positives too in the cases where the property names are very general (e.g. `password`).
For `EventListener` we propose to change the `QueryMetadata#getQuery` to return masked query text and introduce a new `QueryMetadata#getRawQuery` to return unmasked values.
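A sketch of the naive masking described under Masking, as an added example rather than code from the proposal or from Trino: the `NaiveConfigMasker` class, the `name = value` text shapes it recognizes, and the sample lines are assumptions. The last sample shows the false positive the proposal mentions for a general name such as `password`.

```java
import java.util.Set;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
import java.util.stream.Collectors;

// Hypothetical helper, not part of the Trino code base.
public class NaiveConfigMasker
{
    private static final String MASK = "***";

    // Masks the value following any sensitive property name, for the assumed
    // shapes name=value, name: value, name = 'value' and "name" = 'value'.
    static String mask(String text, Set<String> sensitiveNames)
    {
        if (sensitiveNames.isEmpty()) {
            return text;
        }
        // Longest names first so "connection-password" is tried before "password".
        String names = sensitiveNames.stream()
                .sorted((a, b) -> Integer.compare(b.length(), a.length()))
                .map(Pattern::quote)
                .collect(Collectors.joining("|"));
        // Group 1: optionally quoted name plus separator; group 2: SQL string literal or bare token.
        Pattern pattern = Pattern.compile(
                "(?i)(?<![\\w.-])(\"?(?:" + names + ")\"?\\s*[=:]\\s*)('(?:[^']|'')*'|[^\\s,)]+)");
        Matcher matcher = pattern.matcher(text);
        StringBuilder out = new StringBuilder();
        while (matcher.find()) {
            String masked = matcher.group(2).startsWith("'") ? "'" + MASK + "'" : MASK;
            matcher.appendReplacement(out, Matcher.quoteReplacement(matcher.group(1) + masked));
        }
        matcher.appendTail(out);
        return out.toString();
    }

    public static void main(String[] args)
    {
        // Constructed inputs; the set stands in for a connector's getSensitiveConfigurationNames() result.
        Set<String> sensitive = Set.of("connection-password", "password");
        String[] samples = {
                "catalog config: connection-user=app, connection-password=s3cr3t",
                "WITH (\"connection-password\" = 'it''s secret')",
                // False positive: a user predicate on a column that happens to be named "password".
                "SELECT id FROM accounts WHERE password = 'expired'",
        };
        for (String sample : samples) {
            System.out.println(mask(sample, sensitive));
        }
    }
}
```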