Return-Path: X-Original-To: apmail-cassandra-user-archive@www.apache.org Delivered-To: apmail-cassandra-user-archive@www.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id 74F652A48 for ; Wed, 27 Apr 2011 03:10:20 +0000 (UTC) Received: (qmail 9789 invoked by uid 500); 27 Apr 2011 03:10:18 -0000 Delivered-To: apmail-cassandra-user-archive@cassandra.apache.org Received: (qmail 9754 invoked by uid 500); 27 Apr 2011 03:10:16 -0000 Mailing-List: contact user-help@cassandra.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: user@cassandra.apache.org Delivered-To: mailing list user@cassandra.apache.org Received: (qmail 9743 invoked by uid 99); 27 Apr 2011 03:10:15 -0000 Received: from athena.apache.org (HELO athena.apache.org) (140.211.11.136) by apache.org (qpsmtpd/0.29) with ESMTP; Wed, 27 Apr 2011 03:10:15 +0000 X-ASF-Spam-Status: No, hits=-0.7 required=5.0 tests=RCVD_IN_DNSWL_LOW,SPF_PASS X-Spam-Check-By: apache.org Received-SPF: pass (athena.apache.org: domain of david@davidstrauss.net designates 74.125.83.44 as permitted sender) Received: from [74.125.83.44] (HELO mail-gw0-f44.google.com) (74.125.83.44) by apache.org (qpsmtpd/0.29) with ESMTP; Wed, 27 Apr 2011 03:10:07 +0000 Received: by gwb20 with SMTP id 20so571273gwb.31 for ; Tue, 26 Apr 2011 20:09:46 -0700 (PDT) Received: by 10.150.255.5 with SMTP id c5mr1409535ybi.173.1303873786270; Tue, 26 Apr 2011 20:09:46 -0700 (PDT) Received: from [10.1.10.37] (173-164-238-54-SFBA.hfc.comcastbusiness.net [173.164.238.54]) by mx.google.com with ESMTPS id f5sm642037ybh.28.2011.04.26.20.09.45 (version=SSLv3 cipher=OTHER); Tue, 26 Apr 2011 20:09:45 -0700 (PDT) Subject: Re: encryption_options & 0.8 From: David Strauss To: user@cassandra.apache.org In-Reply-To: References: Content-Type: multipart/signed; micalg="pgp-sha1"; protocol="application/pgp-signature"; boundary="=-f/7PIeqcuYdOO8TgvL7E" Date: Tue, 26 Apr 2011 20:09:45 -0700 Message-ID: <1303873785.10067.42.camel@titan> Mime-Version: 1.0 X-Mailer: Evolution 2.32.2 --=-f/7PIeqcuYdOO8TgvL7E Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable On Tue, 2011-04-26 at 08:57 +0200, Sasha Dolgy wrote: > Is it possible to store an encrypted keystore_password and > truststore_password in the cassandra.yaml? I see that the defaults > allow cleartext which isn't suitable when negotiating with security > specialists for sign-off of a solution... If the passwords are encrypted, when and how would they be decrypted? --=-f/7PIeqcuYdOO8TgvL7E Content-Type: application/pgp-signature; name="signature.asc" Content-Description: This is a digitally signed message part -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux) iQIcBAABAgAGBQJNt4j5AAoJENJ2cwu61UrkkNIP/i6ky/Xjl4zzZLaiwwZdZwFH C3T+c1fjb0BfJWWkV6rvlZzrL/BCgZRwuPmewl5Ofpyq2GFkeJKk1sw5P2suaOPB doCKO/IoDV9YjWapATtwVxBdYqoK/zDSBgHZVg/LGlNqulTGQ9RUGrIF7Xj8oXF1 Jd1UVubnL+eRW1rgqDvGakB40Q/YeVFdIpo5v2ZkE0wzjKPi1aolkg2vJ1hJaW6C p7/TYAmTVoIc6Of8VuGiH2GgjKZoRyoWgfRJIS78QsGMhr34PMfgw0vON22chg2+ bibVG5Sw8PH6vlbp1K92aOtE9oMU6JYjS0WvcBos9KilB87Z6gvdrbZeFq8RxSen iZcv0imYVP9/oJbf6gIuGOiVcBjIq7VQup8Z1RXgpzEx1DjjAAC4QnSj7W5g+vWI l17i+Eq4759zVXEAAP8zBXVadMJapxBsQcxoAqkEBIeia+TAKcSAn5T4ZB9J5QCc 0BaClX9xoRgQttSx+eehB64wJ1QLIJ+I8b4xKQzvN5c1djyD5v4eXT6ojc/eRXAk 04itZSo3drtg+oQFl+jskquJr/6YMAzqXBINTmzuu3RYl9RCQcfP2HE4uueGCgg8 N6UctpYmCdC8mAACz0jb7e5nYzEqGY3sfDZ0Qh75GyxU+0h8YjB4AROmM5O3QuS0 Wa5L0qWvWchsz7KVxMaN =sxqT -----END PGP SIGNATURE----- --=-f/7PIeqcuYdOO8TgvL7E--