One option is that your application could read the password from an access restricted file (e.g. owner read/write only) or retrieve it from a credentials server (e.g. hadoop kms, hashicorp vault)
For what its worth, java keystore passwords are pretty useless anyway and keystores can be read without even knowing it as demonstrated in this code snippet: https://gist.github.com/zach-klippenstein/4631307 On Sun, Mar 20, 2016 at 8:18 PM, Linyuxin <linyu...@huawei.com> wrote: > Hi All, > Kafka 0.9.0 support ssl. > And in the document, password in ssl config is cleartext passwords. > e.g. > ssl.keystore.location=/var/private/ssl/kafka.server.keystore.jks > ssl.keystore.password=test1234 > ssl.key.password=test1234 > > ssl.truststore.location=/var/private/ssl/kafka.server.truststore.jks > ssl.truststore.password=test1234 > any way to avoid this "test1234" cleartext in the file? > Like some encryption? > -- Adam Kunicki StreamSets | Field Engineer mobile: 415.890.DATA (3282) | linkedin <http://www.adamkunicki.com>
