See also
https://cwiki.apache.org/confluence/display/KAFKA/KIP-297%3A+Externalizing+Secrets+for+Connect+Configurations,
which just passed.
On Mon, Mar 19, 2018 at 11:16 PM, Ewen Cheslack-Postava
wrote:
> SSL authentication was added in KIP-208, which will be included in Kafka
> 1.1.0:
> https://
SSL authentication was added in KIP-208, which will be included in Kafka
1.1.0:
https://cwiki.apache.org/confluence/display/KAFKA/KIP-208%3A+Add+SSL+support+to+Kafka+Connect+REST+interface
Connect isn't much different from the core Kafka/client configs currently
where in some security setups you n
What’s the status of this? This is a pretty hard blocker for us to meet
requirements internally to deploy connect in a distributed fashion.
@Ewen - Regarding the concern of accessing information securely - has there
been any consideration of adding authentication to the connect api?
> On Jan 17
Vincent,
Can the KIP more explicitly say that this is opt-in, and that by default
nothing will change?
Randall
On Tue, Jan 16, 2018 at 11:18 PM, Ewen Cheslack-Postava
wrote:
> Vincent,
>
> I think with the addition of a configuration to control this for
> compatibility, people would generally
Vincent,
I think with the addition of a configuration to control this for
compatibility, people would generally be ok with it. If you want to start a
VOTE thread, the KIP deadline is coming up and the PR looks pretty small. I
will take a pass at reviewing the PR so we'll be ready to merge if we ca
@Ted: The issue is kinda hard to reproduce. It's just something we observe
over time.
@Ewen: I agree. Opt-in seems to be a good solution to me. To your question,
if there is no ConfDef that defines which fields are Passwords we can just
return the config as is.
There is a PR for this KIP already.
Vincent,
Thanks for the KIP. This is definitely an issue we know is a problem for
some users.
I think the major problem with the KIP as-is is that it makes it impossible
to get the original value back out of the API. This KIP probably ties in
significantly with ideas for securing the REST API (SS
For the last point you raised, can you come up with a unit test that shows
what you observed ?
Cheers
On Mon, Dec 18, 2017 at 11:14 AM, Vincent Meng wrote:
> Hi all,
>
> I've created KIP-242, a proposal to secure credentials in kafka connect
> rest endpoint.
>
> https://cwiki.apache.org/conflue
Hi all,
I've created KIP-242, a proposal to secure credentials in kafka connect
rest endpoint.
https://cwiki.apache.org/confluence/display/KAFKA/KIP-242%3A+Mask+password+in+Kafka+Connect+Rest+API+response
Here are something I'd like to discuss:
- The "masked" value is set to "*" (9 s
