kafka-dev mailing list archives

From "Ashish K Singh (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (KAFKA-2629) Enable getting SSL password from an executable rather than passing plaintext password
Date Fri, 12 Aug 2016 14:48:20 GMT

    [ https://issues.apache.org/jira/browse/KAFKA-2629?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15418941#comment-15418941

Ashish K Singh commented on KAFKA-2629:

[~bharatviswa] the way we do it is that for password configs we provide a path to an executable
instead of a plaintext password, and in the Kafka application we execute that executable to get
the password.

> Enable getting SSL password from an executable rather than passing plaintext password
> -------------------------------------------------------------------------------------
>                 Key: KAFKA-2629
>                 URL: https://issues.apache.org/jira/browse/KAFKA-2629
>             Project: Kafka
>          Issue Type: Improvement
>          Components: security
>    Affects Versions:
>            Reporter: Ashish K Singh
>            Assignee: Ashish K Singh
>
> Currently there are a couple of options to pass SSL passwords to Kafka, i.e., via a properties
> file or via a command line argument. Neither is a recommended security practice.
> * A password on a command line is a no-no: it's trivial to see that password just by
> using the 'ps' utility.
> * Putting a password into a file, and then passing the location of that file, is the
> next best option. Access to the file will be governed by unix access permissions, which
> we all know and love. The downside is that the password is still just sitting there in a file,
> and those who have access can still see it trivially.
> * The most general, secure solution is to provide a layer of abstraction: provide functionality
> to get the password from "somewhere else". The most flexible and generic way to do this is
> to simply call an executable which returns the desired password.
> ** The executable is again protected with normal file system privileges.
> ** The simplest form, a script that looks like "echo 'my-password'", devolves back to
> putting the password in a file.
> ** A more interesting implementation could open up a local encrypted password store and
> extract the password from it.
> ** A maximally secure implementation could contact an external secret manager with centralized
> control and audit functionality.
> ** In short: getting the password as the output of a script/executable is maximally generic
> and enables both simple and complex use cases.
>
> This JIRA intends to add a config param to enable passing an executable to Kafka for SSL

This message was sent by Atlassian JIRA
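The mechanism described in the comment and the issue text (a password config that names an executable, which the application runs to obtain the secret) as an added example in Python; this is not Kafka's code, and the config key `ssl.key.password.command`, the helper path and the sample password are constructed assumptions. It also adds the checks a practitioner would want before running such a helper: the file must be owned by the running user and not writable by anyone else, the password is read only from stdout, and the helper gets a timeout and a minimal environment.

```python
import os
import stat
import subprocess
import tempfile

# Hypothetical config key; the JIRA does not name the parameter it proposes.
PASSWORD_COMMAND_KEY = "ssl.key.password.command"


def check_executable(path: str) -> None:
    """Refuse to run a password helper that someone else could have modified.

    A helper writable by another account is a code-execution path for that
    account, so require a regular file, owned by us, with no group/other write.
    """
    st = os.stat(path)
    if not stat.S_ISREG(st.st_mode):
        raise PermissionError(f"{path}: not a regular file")
    if st.st_uid != os.getuid():
        raise PermissionError(f"{path}: not owned by the current user")
    if st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
        raise PermissionError(f"{path}: writable by group or others")
    if not os.access(path, os.X_OK):
        raise PermissionError(f"{path}: not executable")


def password_from_command(config: dict, key: str = PASSWORD_COMMAND_KEY,
                          timeout: float = 10.0) -> str:
    """Run the configured helper and return its stdout (trailing newline stripped).

    The password never appears in argv or the environment, only on stdout.
    stderr is discarded so nothing the helper prints can reach the broker log.
    """
    path = config[key]
    check_executable(path)
    proc = subprocess.run([path], stdout=subprocess.PIPE, stderr=subprocess.DEVNULL,
                          stdin=subprocess.DEVNULL, timeout=timeout, check=True,
                          env={"PATH": "/usr/bin:/bin"})
    password = proc.stdout.decode("utf-8").rstrip("\n")
    if not password:
        raise ValueError(f"{path}: helper produced no password")
    return password


def demo() -> str:
    """Constructed sample: the trivial 'echo' form of helper the issue describes."""
    helper = os.path.join(tempfile.mkdtemp(), "get-ssl-password")
    with open(helper, "w") as f:
        f.write("#!/bin/sh\necho 'constructed-sample-password'\n")
    os.chmod(helper, 0o700)  # owner-only, as check_executable() requires
    return password_from_command({PASSWORD_COMMAND_KEY: helper})
```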
