Manikumar, Satish. Thanks for the review! As I understand, you are not in
favor of this KIP, and I do agree that having a pluggable mechanism for
sensitive data / metadata is preferable/more future-proof.
On Wed, Dec 12, 2018 at 8:12 AM Satish Duggana
wrote:
> Agree with Manikumar on having plug
Agree with Manikumar on having pluggable mechanism for entities
required/created for delegation token mechanism. I will cover that as
part of KAFKA-7694.
Thanks,
Satish.
On Tue, Dec 11, 2018 at 12:35 PM Manikumar wrote:
>
> Hi,
>
> Thanks for the KIP.
>
> Currently, master/secret key is stored as
Hi,
Thanks for the KIP.
Currently, master/secret key is stored as plain text in server.properties
config file.
Using master secret key as shared secret is again a security risk. We have
raised KAFKA-7694
to implement a ZooKeeper based master/secret key management to automate
secret key rotation.