Hi,

Pulsar stores different types of metadata in a metadata store, which contains tenant, namespace and topic metadata. The metadata store should store metadata definitions and should avoid combining other non-metadata-related information, especially certificates or keys such as encryption/decryption keys.

Apache Pulsar supports envelope encryption, for which it requires storing and retrieving encryption keys, but if Pulsar starts managing such keys then Pulsar will start taking on the responsibilities of other KMS systems, and that MUST BE out of the scope of Pulsar, because a KMS itself is a big beast and comes with a lot of security requirements and responsibilities. That's why we made it a pluggable component, so one can provide its own implementation.

In the same way, managing certificates MUST be out of Pulsar's scope, else it will become a can of worms that comes with a lot of security bugs and concerns, and it's definitely not something we want to store in the metadata store. So, we MUST NOT introduce support for cert management in Pulsar and MUST NOT store certs in the metadata store. We can certainly see if we can provide an interface and API to make it pluggable and let users manage their own implementation without introducing such critical complexities into Pulsar.
Thanks,
Rajan

On Fri, Sep 8, 2023 at 1:21 AM mattison chao <mattisonc...@gmail.com> wrote:
>
> Hello, folks.
>
> I hope this email finds you well. I would like to start a discussion about
> PIP-296 Support storing broker internal client certificates in metadata
> store[1].
>
> Please don't hesitate to leave any concerns or questions.
>
> Best,
> Mattison
>
> [1] https://github.com/apache/pulsar/pull/21044/files