[ https://issues.apache.org/jira/browse/KAFKA-2629?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15413738#comment-15413738 ]
Ashish K Singh commented on KAFKA-2629:
---------------------------------------

[~bharatviswa] I would like this to go in. We had quite a bit of discussion here, but now that it has been a while maybe we can revisit this. [~sriharsha] do you think it is OK to add this as an optional config? If so, would you be willing to be the reviewer on this? I can work on a patch if we have at least one committer willing to commit this.

> Enable getting SSL password from an executable rather than passing plaintext password
> -------------------------------------------------------------------------------------
>
>                 Key: KAFKA-2629
>                 URL: https://issues.apache.org/jira/browse/KAFKA-2629
>             Project: Kafka
>          Issue Type: Improvement
>          Components: security
>    Affects Versions: 0.9.0.0
>            Reporter: Ashish K Singh
>            Assignee: Ashish K Singh
>
> Currently there are a couple of options to pass SSL passwords to Kafka, i.e., via properties file or via command line argument. Both of these are not recommended security practices.
> * A password on a command line is a no-no: it's trivial to see that password just by using the 'ps' utility.
> * Putting a password into a file, and then passing the location to that file, is the next best option. The access to the file will be governed by unix access permissions which we all know and love. The downside is that the password is still just sitting there in a file, and those who have access can still see it trivially.
> * The most general, secure solution is to provide a layer of abstraction: provide functionality to get the password from "somewhere else". The most flexible and generic way to do this is to simply call an executable which returns the desired password.
> ** The executable is again protected with normal file system privileges
> ** The simplest form, a script that looks like "echo 'my-password'", devolves back to putting the password in a file
> ** A more interesting implementation could open up a local encrypted password store and extract the password from it
> ** A maximally secure implementation could contact an external secret manager with centralized control and audit functionality.
> ** In short: getting the password as the output of a script/executable is maximally generic and enables both simple and complex use cases.
> This JIRA intends to add a config param to enable passing an executable to Kafka for SSL passwords.

--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
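As an added illustration of the "call an executable" option discussed in the issue (this is not code from Kafka or from the issue's author), the resolver below reads the password from a helper command when one is configured and falls back to the plaintext property otherwise. The config keys `ssl.key.password.command` and the permission checks on the helper are assumptions for this example; the page proposes no key names.

```python
import os
import shlex
import stat
import subprocess
import tempfile

# Hypothetical config keys (not real Kafka settings): a plaintext password, or a command whose stdout is the password.
PLAINTEXT_KEY = "ssl.key.password"
COMMAND_KEY = "ssl.key.password.command"

def check_helper_safe(path):
    """Refuse a helper that someone other than its owner could modify (or that PATH lookup could redirect)."""
    if not os.path.isabs(path):
        raise ValueError(f"helper must be an absolute path, got {path!r}")
    st = os.stat(path)
    if st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
        raise PermissionError(f"{path} is group- or world-writable")
    if st.st_uid not in (os.getuid(), 0):
        raise PermissionError(f"{path} is not owned by this user or root")

def resolve_ssl_password(config, timeout=5.0):
    """Prefer the helper command; fall back to the plaintext property."""
    command = config.get(COMMAND_KEY)
    if command:
        argv = shlex.split(command)  # no shell, so the arguments are not re-parsed
        check_helper_safe(argv[0])
        proc = subprocess.run(argv, capture_output=True, text=True, timeout=timeout, check=True)
        return proc.stdout.rstrip("\n")  # helpers normally print a trailing newline
    if PLAINTEXT_KEY in config:
        return config[PLAINTEXT_KEY]
    raise KeyError(f"neither {COMMAND_KEY} nor {PLAINTEXT_KEY} is configured")

def make_demo_helper(directory, password):
    path = os.path.join(directory, "ssl-password.sh")  # constructed 'echo' helper, the simplest form the issue describes
    with open(path, "w") as fh:
        fh.write(f"#!/bin/sh\necho {shlex.quote(password)}\n")
    os.chmod(path, 0o700)  # owner-only, like a credentials file
    return path

def demo():
    # Owner-only helper is accepted; the same helper made world-writable is rejected.
    with tempfile.TemporaryDirectory() as d:
        helper = make_demo_helper(d, "s3cret")
        from_helper = resolve_ssl_password({COMMAND_KEY: helper})
        os.chmod(helper, 0o777)
        try:
            resolve_ssl_password({COMMAND_KEY: helper})
            rejected = False
        except PermissionError:
            rejected = True
    return {"from_helper": from_helper, "world_writable_rejected": rejected}
```

The ownership and write-bit checks are what keep the executable option from being weaker than a permission-protected password file: a helper anyone can edit is a helper anyone can replace.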