cassandra-commits mailing list archives

From "Bas van Dijk (JIRA)" <j...@apache.org>
Subject [jira] [Updated] (CASSANDRA-13428) Security: provide keystore_password_file and truststore_password_file options
Date Sat, 08 Apr 2017 13:08:41 GMT

     [ https://issues.apache.org/jira/browse/CASSANDRA-13428?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Bas van Dijk updated CASSANDRA-13428:
-------------------------------------
    Description: 
Currently passwords are stored in plaintext in the configuration file as in:

{{{
    server_encryption_options:
      keystore_password: secret
      truststore_password: secret
    client_encryption_options:
      keystore_password: secret
}}}

This has the disadvantage that, in order to protect the secrets, the whole configuration file
needs to have restricted ownership and permissions. This is problematic in operating systems
like NixOS where configuration files are usually stored in world-readable locations.

A secure option would be to store secrets in files (with restricted ownership and permissions)
and reference those files from the unrestricted configuration file as in for example:

{{{
    server_encryption_options:
      keystore_password_file: /run/keys/keystore-password
      truststore_password_file: /run/keys/truststore-password
    client_encryption_options:
      keystore_password_file: /run/keys/keystore-password
}}}

This is trivial to implement and provides a big gain in security.

So in summary I'm proposing to add the keystore_password_file and truststore_password_file
options besides the existing keystore_password and truststore_password options. The former
will take precedence over the latter.

  was:
Currently passwords are stored in plaintext in the configuration file as in:

    server_encryption_options:
      keystore_password: secret
      truststore_password: secret
    client_encryption_options:
      keystore_password: secret

This has the disadvantage that, in order to protect the secrets, the whole configuration file
needs to have restricted ownership and permissions. This is problematic in operating systems
like NixOS where configuration files are usually stored in world-readable locations.

A secure option would be to store secrets in files (with restricted ownership and permissions)
and reference those files from the unrestricted configuration file as in for example:

    server_encryption_options:
      keystore_password_file: /run/keys/keystore-password
      truststore_password_file: /run/keys/truststore-password
    client_encryption_options:
      keystore_password_file: /run/keys/keystore-password

This is trivial to implement and provides a big gain in security.

So in summary I'm proposing to add the keystore_password_file and truststore_password_file
options besides the existing keystore_password and truststore_password options. The former
will take precedence over the latter.


> Security: provide keystore_password_file and truststore_password_file options
> -----------------------------------------------------------------------------
>
>                 Key: CASSANDRA-13428
>                 URL: https://issues.apache.org/jira/browse/CASSANDRA-13428
>             Project: Cassandra
>          Issue Type: Improvement
>          Components: Configuration
>            Reporter: Bas van Dijk
>   Original Estimate: 3h
>  Remaining Estimate: 3h
>
> Currently passwords are stored in plaintext in the configuration file as in:
> {{{
>     server_encryption_options:
>       keystore_password: secret
>       truststore_password: secret
>     client_encryption_options:
>       keystore_password: secret
> }}}
> This has the disadvantage that, in order to protect the secrets, the whole configuration
> file needs to have restricted ownership and permissions. This is problematic in operating
> systems like NixOS where configuration files are usually stored in world-readable locations.
> A secure option would be to store secrets in files (with restricted ownership and permissions)
> and reference those files from the unrestricted configuration file as in for example:
> {{{
>     server_encryption_options:
>       keystore_password_file: /run/keys/keystore-password
>       truststore_password_file: /run/keys/truststore-password
>     client_encryption_options:
>       keystore_password_file: /run/keys/keystore-password
> }}}
> This is trivial to implement and provides a big gain in security.
> So in summary I'm proposing to add the keystore_password_file and truststore_password_file
> options besides the existing keystore_password and truststore_password options. The former
> will take precedence over the latter.



--
This message was sent by Atlassian JIRA
(v6.3.15#6346)
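
The precedence rule proposed in the message above, as an added example that is not part of the original message and is not Cassandra's code. The class name, the `Map`-based option section, the trailing-newline trimming and the refusal to read a group/other-accessible file are assumptions made for illustration; it assumes a POSIX file system.

```java
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.nio.file.*;
import java.nio.file.attribute.*;
import java.util.*;

// Hypothetical helper: resolves "<key>" vs "<key>_file" for one encryption-options section.
public class PasswordOptionResolver {
    // Permission bits that would let anyone but the owner read or replace the secret.
    private static final Set<PosixFilePermission> TOO_OPEN = EnumSet.of(
        PosixFilePermission.GROUP_READ, PosixFilePermission.GROUP_WRITE,
        PosixFilePermission.OTHERS_READ, PosixFilePermission.OTHERS_WRITE);

    // key is "keystore_password" or "truststore_password"; the *_file option wins if present.
    static String resolve(Map<String, String> section, String key) throws IOException {
        String file = section.get(key + "_file");
        if (file == null)
            return section.get(key); // fall back to the inline (plaintext) option
        Path path = Paths.get(file);
        Set<PosixFilePermission> perms = Files.getPosixFilePermissions(path);
        if (!Collections.disjoint(perms, TOO_OPEN)) // assumption: fail closed on lax permissions
            throw new IOException(path + " is accessible to group/others: " + perms);
        // Drop the trailing newline that editors and `echo` leave in secret files.
        String content = new String(Files.readAllBytes(path), StandardCharsets.UTF_8);
        return content.replaceAll("[\\r\\n]+$", "");
    }

    public static void main(String[] args) throws IOException {
        // Constructed sample: a temporary secret file standing in for /run/keys/keystore-password.
        Path secret = Files.createTempFile("keystore-password", "");
        Files.write(secret, "from-file\n".getBytes(StandardCharsets.UTF_8));
        Files.setPosixFilePermissions(secret, PosixFilePermissions.fromString("rw-------"));

        Map<String, String> section = new HashMap<>();
        section.put("keystore_password", "inline");
        section.put("keystore_password_file", secret.toString());
        section.put("truststore_password", "inline");

        System.out.println("keystore:   " + resolve(section, "keystore_password"));
        System.out.println("truststore: " + resolve(section, "truststore_password"));

        // Loosen the permissions to show the fail-closed path.
        Files.setPosixFilePermissions(secret, PosixFilePermissions.fromString("rw-r--r--"));
        try {
            resolve(section, "keystore_password");
        } catch (IOException e) {
            System.out.println("rejected:   " + e.getMessage());
        }
        Files.delete(secret);
    }
}
```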
