[jira] [Updated] (FLINK-23568) Plaintext Java Keystore Password Risks in the flink-conf.yaml File

Fri, 30 Jul 2021 20:59:06 -0700 


     [ 
https://issues.apache.org/jira/browse/FLINK-23568?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Hui Wang updated FLINK-23568:
-----------------------------
    Description: 
When REST SSL is enabled, the plaintext password of the Java keystore needs to 
be configured in the flink-conf.yaml configuration of Flink, which poses great 
security risks. It is hoped that the community can provide the capability of 
encrypting and storing passwords in the flink-conf.yaml file.

 
{code:java}
security.ssl.internal.keystore-password: keystore_password
security.ssl.internal.key-password: key_password
security.ssl.internal.truststore-password: truststore_password{code}
 

  was:
When REST SSL is enabled, the plaintext password of the Java keystore needs to 
be configured in the flink-conf.yaml configuration of Flink, which poses great 
security risks. It is hoped that the community can provide the capability of 
encrypting and storing passwords in the flink-conf.yaml file.

{{}}
{code:java}
security.ssl.internal.keystore-password: keystore_password
security.ssl.internal.key-password: key_password
security.ssl.internal.truststore-password: truststore_password{code}
{{}}


> Plaintext Java Keystore Password Risks in the flink-conf.yaml File
> ------------------------------------------------------------------
>
>                 Key: FLINK-23568
>                 URL: https://issues.apache.org/jira/browse/FLINK-23568
>             Project: Flink
>          Issue Type: Improvement
>          Components: Client / Job Submission, Runtime / REST
>    Affects Versions: 1.11.3
>            Reporter: Hui Wang
>            Priority: Major
>
> When REST SSL is enabled, the plaintext password of the Java keystore needs 
> to be configured in the flink-conf.yaml configuration of Flink, which poses 
> great security risks. It is hoped that the community can provide the 
> capability of encrypting and storing passwords in the flink-conf.yaml file.
>  
> {code:java}
> security.ssl.internal.keystore-password: keystore_password
> security.ssl.internal.key-password: key_password
> security.ssl.internal.truststore-password: truststore_password{code}
>  



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

Reply via email to