I've been recently looking into how we could improve security in Cassandra by integrating external solutions. There are very interesting projects out there, such as Vault[0], but also a growing list of security related APIs offered by cloud providers.
Today Cassandra can already be customized by using different authenticators. We also have a really nice role-based access model. But there are other parts of Cassandra that are simply painful to work with, such as certificate management for SSL, or anything related to local keystores. No one wants to deal with that. Wouldn't it be cool to have automated, built-in certificate management instead? That's what got me started working on CASSANDRA-13971.

Some cloud providers and solutions like Vault also offer key management features that we could use for data-at-rest encryption. The same goes for identity services and authentication. I'm going to start working on some ideas[1] on how we could integrate Vault for certificate management, data-at-rest encryption and authentication. But I'd really like to see support for cloud platforms as well. It would be great to hear some other opinions and suggestions on that, especially from people who have already worked with e.g. AWS KMS, AWS Certificate Manager and identity management, or related GC / Azure services.

Also, where can we improve to make Cassandra more secure by default in general?

[0] https://www.vaultproject.io
[1] https://docs.google.com/document/d/1D8Td_M9wG7_kD0za-AlM_e524cFj2VnbU3mSYpAkViQ/edit?usp=sharing