[ 
https://issues.apache.org/jira/browse/CASSANDRA-13428?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17927904#comment-17927904
 ] 

Maulin Vasavada edited comment on CASSANDRA-13428 at 2/18/25 4:18 AM:
----------------------------------------------------------------------

[~smiklosovic] I created a 
[PR-3908|https://github.com/apache/cassandra/pull/3908] with all the changes - 
supporting the password_file options for inbound and outbound keystores, 
truststore and JMX SSL configurations with JKS and PEM format of the keys. I 
will start working on updating the security documentation related to this once 
PR is near to closure. Please let me know your thoughts and add other reviewers 
as needed. Maybe [~basvandijk], [~djoshi] and [~Jyothsnakonisa] might be 
interested in reviewing this.

I feel the K8s examples may not need additional changes for this and since K8s 
passwords are injected via K8s env variables, K8s apps may not really need to 
use the password_file options anyway. However, once I am done setting up the 
examples ssl module, I'll double check.

While making the changes I realized we have to probably refactor the 
EncryptionOptions `with` prefixed builder methods to make it easier to add new 
config parameters. However, I feel that could be a separate low priority ticket 
(I can create in a week or so if it makes sense to most of you).


was (Author: maulin.vasavada):
[~smiklosovic] I created a 
[PR-3908|https://github.com/apache/cassandra/pull/3908] with all the changes - 
supporting the password_file options for inbound and outbound keystores, 
truststore and JMX SSL configurations with JKS and PEM format of the keys. I 
will start working on updating the security documentation related to this once 
PR is near to closure. Please let me know your thoughts and add other reviewers 
as needed. Maybe [~djoshi] and [~Jyothsnakonisa] might be interested in 
reviewing this.

I feel the K8s examples may not need additional changes for this and since K8s 
passwords are injected via K8s env variables, K8s apps may not really need to 
use the password_file options anyway. However, once I am done setting up the 
examples ssl module, I'll double check.

While making the changes I realized we have to probably refactor the 
EncryptionOptions `with` prefixed builder methods to make it easier to add new 
config parameters. However, I feel that could be a separate low priority ticket 
(I can create in a week or so if it makes sense to most of you).

> Security: provide keystore_password_file and truststore_password_file options
> -----------------------------------------------------------------------------
>
>                 Key: CASSANDRA-13428
>                 URL: https://issues.apache.org/jira/browse/CASSANDRA-13428
>             Project: Apache Cassandra
>          Issue Type: Improvement
>          Components: Feature/Encryption, Local/Config
>            Reporter: Bas van Dijk
>            Assignee: Maulin Vasavada
>            Priority: Normal
>   Original Estimate: 3h
>          Time Spent: 10m
>  Remaining Estimate: 2h 50m
>
> Currently passwords are stored in plaintext in the configuration file as in:
> {code}
>     server_encryption_options:
>       keystore_password: secret
>       truststore_password: secret
>     client_encryption_options:
>       keystore_password: secret
> {code}
> This has the disadvantage that, in order to protect the secrets, the whole 
> configuration file needs to have restricted ownership and permissions. This 
> is problematic in operating systems like NixOS where configuration files are 
> usually stored in world-readable locations.
> A secure option would be to store secrets in files (with restricted ownership 
> and permissions) and reference those files from the unrestricted 
> configuration file as in for example:
> {code}
>     server_encryption_options:
>       keystore_password_file: /run/keys/keystore-password
>       truststore_password_file: /run/keys/truststore-password
>     client_encryption_options:
>       keystore_password_file: /run/keys/keystore-password
> {code}
> This is trivial to implement and provides a big gain in security.
> So in summary I'm proposing to add the {{keystore_password_file}} and 
> {{truststore_password_file}} options besides the existing 
> {{keystore_password}} and {{truststore_password}} options. The former will 
> take precedence over the latter.
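The resolution rule the ticket proposes (a `*_password_file` option wins over the inline `*_password`, and the referenced file is expected to carry restricted permissions) is easy to get subtly wrong: a trailing newline left by an editor becomes part of the secret, and a world-readable password file defeats the purpose of moving the secret out of cassandra.yaml. The following is an added, stand-alone illustration of that rule, written here in Python as a language-agnostic sketch; it is not Cassandra's code, not the code in PR-3908, and the `resolve_secret`, `read_password_file` and `build_demo` names, the in-memory dict standing in for the parsed YAML, and the secret values are all constructed for this example. The check on the file mode (reject anything group- or world-accessible) is an assumption about what a deployment would want, not something the ticket specifies.

```python
import os
import stat
import tempfile


def read_password_file(path):
    """Read a secret from `path`, refusing files that are not regular or that are
    readable by group/others. Trailing line endings are stripped because editors
    and `echo` add them and they must not become part of the password."""
    st = os.stat(path)
    if not stat.S_ISREG(st.st_mode):
        raise ValueError(f"{path} is not a regular file")
    # Assumed policy for this example: password files must be 0600 (or stricter).
    if st.st_mode & (stat.S_IRWXG | stat.S_IRWXO):
        raise PermissionError(f"{path} is accessible by group or others; expected mode 0600")
    with open(path, "r", encoding="utf-8") as fh:
        secret = fh.read().rstrip("\r\n")
    if not secret:
        raise ValueError(f"{path} is empty")
    return secret


def resolve_secret(section, name):
    """Resolve the secret for `name` ('keystore' or 'truststore') from one
    encryption_options section (a dict). `<name>_password_file` takes precedence
    over `<name>_password`, as proposed in the ticket; returns None if neither is set."""
    path = section.get(f"{name}_password_file")
    if path:
        return read_password_file(path)
    return section.get(f"{name}_password")


def _write_secret(path, content, mode):
    """Helper for the demo: create `path` with `content` and an explicit mode."""
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, mode)
    with os.fdopen(fd, "w", encoding="utf-8") as fh:
        fh.write(content)
    os.chmod(path, mode)  # override the process umask so the mode is exactly `mode`


def build_demo():
    """Create constructed password files in a temp dir, resolve a constructed
    configuration against them, and return the outcomes as a dict."""
    tmp = tempfile.mkdtemp(prefix="cassandra-pw-demo-")
    ks_path = os.path.join(tmp, "keystore-password")
    ts_path = os.path.join(tmp, "truststore-password")
    leaky_path = os.path.join(tmp, "leaky-password")
    _write_secret(ks_path, "ks-secret-constructed\n", 0o600)  # trailing newline on purpose
    _write_secret(ts_path, "ts-secret-constructed", 0o600)
    _write_secret(leaky_path, "leaky-secret-constructed", 0o644)  # world-readable: must be rejected

    # Constructed stand-in for the parsed cassandra.yaml sections.
    config = {
        "server_encryption_options": {
            "keystore_password": "inline-secret",  # ignored: the file option wins
            "keystore_password_file": ks_path,
            "truststore_password_file": ts_path,
        },
        "client_encryption_options": {
            "keystore_password": "client-inline-secret",  # no file option: inline fallback
        },
        "misconfigured_options": {"keystore_password_file": leaky_path},
    }

    out = {}
    srv = config["server_encryption_options"]
    out["server_keystore"] = resolve_secret(srv, "keystore")
    out["server_truststore"] = resolve_secret(srv, "truststore")
    out["client_keystore"] = resolve_secret(config["client_encryption_options"], "keystore")
    try:
        resolve_secret(config["misconfigured_options"], "keystore")
        out["leaky_rejected"] = False
    except PermissionError:
        out["leaky_rejected"] = True
    return out


if __name__ == "__main__":
    for key, value in build_demo().items():
        print(f"{key}: {value}")
```

Running the script shows the file-backed secrets resolved without their trailing newline, the inline fallback used where no file option is configured, and the world-readable file rejected at startup rather than silently accepted.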



--
This message was sent by Atlassian Jira
(v8.20.10#820010)
