[ https://issues.apache.org/jira/browse/CASSANDRA-13428?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17862600#comment-17862600 ]
Maulin Vasavada edited comment on CASSANDRA-13428 at 7/2/24 9:30 PM:
---------------------------------------------------------------------

Can this be addressed with a similar approach mentioned in https://issues.apache.org/jira/browse/CASSANDRA-18508 ?

I think having a pluggable credentials provider (parameterized class) makes sense to provide a unified solution to multiple passwords/credentials we have today in config files. This will help in either fetching the credentials from a file, env variables (e.g. K8s env vars) etc vs just files. However by 'unified' I don't mean a 'single class'. Just a single interface and a mechanism and have ability to write providers if needed.

was (Author: maulin.vasavada):
    Can this be addressed with a similar approach mentioned in https://issues.apache.org/jira/browse/CASSANDRA-18508 ?

    I think having a pluggable credentials provider (parameterized class) makes sense to provide a unified solution to multiple passwords/credentials we have today in config files. This will help in either fetching the credentials from a file, env variables (e.g. K8s env vars) etc vs just files.

> Security: provide keystore_password_file and truststore_password_file options
> -----------------------------------------------------------------------------
>
>                 Key: CASSANDRA-13428
>                 URL: https://issues.apache.org/jira/browse/CASSANDRA-13428
>             Project: Cassandra
>          Issue Type: Improvement
>          Components: Local/Config
>            Reporter: Bas van Dijk
>            Priority: Normal
>   Original Estimate: 3h
>  Remaining Estimate: 3h
>
> Currently passwords are stored in plaintext in the configuration file as in:
> {code}
> server_encryption_options:
>   keystore_password: secret
>   truststore_password: secret
> client_encryption_options:
>   keystore_password: secret
> {code}
> This has the disadvantage that, in order to protect the secrets, the whole
> configuration file needs to have restricted ownership and permissions. This
> is problematic in operating systems like NixOS where configuration files are
> usually stored in world-readable locations.
> A secure option would be to store secrets in files (with restricted ownership
> and permissions) and reference those files from the unrestricted
> configuration file as in for example:
> {code}
> server_encryption_options:
>   keystore_password_file: /run/keys/keystore-password
>   truststore_password_file: /run/keys/truststore-password
> client_encryption_options:
>   keystore_password_file: /run/keys/keystore-password
> {code}
> This is trivial to implement and provides a big gain in security.
> So in summary I'm proposing to add the {{keystore_password_file}} and
> {{truststore_password_file}} options besides the existing
> {{keystore_password}} and {{truststore_password}} options. The former will
> take precedence over the latter.
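
The resolution rule proposed in the issue, where a `*_password_file` option takes precedence over the inline `*_password` option and the secret file must have restricted permissions, can be sketched as follows. This is an added example, not Cassandra code and not from the issue or the comment; the class `PasswordOptionResolver`, its `resolve` method, the flat string map of options, the refusal of group/other-accessible files and the stripping of one trailing newline are all assumptions, and it requires a POSIX file system.

```java
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.nio.file.attribute.PosixFilePermission;
import java.nio.file.attribute.PosixFilePermissions;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Map;
import java.util.Set;

// Hypothetical helper, not Cassandra code. Assumes a POSIX file system.
public final class PasswordOptionResolver {
    // Permission bits that would let anyone but the owner access the secret.
    private static final Set<PosixFilePermission> NON_OWNER =
        PosixFilePermissions.fromString("---rwxrwx");

    /** Resolves e.g. "keystore_password"; "<name>_file" takes precedence over "<name>". */
    public static String resolve(Map<String, String> options, String name) throws IOException {
        String file = options.get(name + "_file");
        if (file == null || file.isEmpty())
            return options.get(name); // inline plaintext option; null if unset
        Path path = Paths.get(file);
        Set<PosixFilePermission> exposed = new HashSet<>(Files.getPosixFilePermissions(path));
        exposed.retainAll(NON_OWNER);
        if (!exposed.isEmpty()) // refuse a secret file that group or other can access
            throw new IOException(path + " is accessible by group/other: "
                                  + PosixFilePermissions.toString(exposed));
        String content = new String(Files.readAllBytes(path), StandardCharsets.UTF_8);
        return content.replaceFirst("\\r?\\n\\z", ""); // drop one trailing line ending
    }

    public static void main(String[] args) throws IOException {
        // Constructed sample: a temp file stands in for /run/keys/keystore-password.
        Path secret = Files.createTempFile("keystore-password", null);
        Files.write(secret, "constructed-secret\n".getBytes(StandardCharsets.UTF_8));
        Files.setPosixFilePermissions(secret, PosixFilePermissions.fromString("rw-------"));
        Map<String, String> opts = new HashMap<>();
        opts.put("keystore_password", "inline-secret");
        opts.put("keystore_password_file", secret.toString());
        System.out.println(resolve(opts, "keystore_password"));   // file option wins
        System.out.println(resolve(opts, "truststore_password")); // neither option set
        Files.setPosixFilePermissions(secret, PosixFilePermissions.fromString("rw-r--r--"));
        try {
            resolve(opts, "keystore_password"); // now world-readable, so refused
        } catch (IOException e) {
            System.out.println("rejected: " + e.getMessage());
        } finally {
            Files.delete(secret);
        }
    }
}
```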