Stefan Podkowinski created CASSANDRA-13971:
----------------------------------------------
Summary: Automatic certificate management using Vault
Key: CASSANDRA-13971
URL: https://issues.apache.org/jira/browse/CASSANDRA-13971
Project: Cassandra
Issue Type: Improvement
Components: Streaming and Messaging
Reporter: Stefan Podkowinski
Assignee: Stefan Podkowinski
Fix For: 4.x
We've been adding security features during the last years to enable users to
secure their clusters, if they are willing to use them and do so correctly.
Some features are powerful and easy to work with, such as role based
authorization. Other features that require to manage a local keystore are
rather painful to deal with. Think about setting up SSL..
To be fair, keystore related issues and certificate handling hasn't been
invented by us. We're just following Java standards there. But that doesn't
mean that we absolutely have to, if there are better options. I'd like to give
it a shoot and find out if we can automate certificate/key handling (PKI) by
using external APIs. In this case, the implementation will be based on
[Vault|https://vaultproject.io]. But certificate management services offered by
cloud providers may also be able to handle the use-case and I intend to create
a generic, pluggable API for that.
--
This message was sent by Atlassian JIRA
(v6.4.14#64029)
---------------------------------------------------------------------
To unsubscribe, e-mail: commits-unsubscr...@cassandra.apache.org
For additional commands, e-mail: commits-h...@cassandra.apache.org
