abhishekagarwal87 commented on a change in pull request #11779:
URL: https://github.com/apache/druid/pull/11779#discussion_r724770347
##########
File path: docs/operations/security-overview.md
##########
@@ -39,6 +39,7 @@ The following recommendations apply to the Druid cluster
setup:
* Enable authentication to the Druid cluster for production environments and
other environments that can be accessed by untrusted networks.
* Enable authorization and do not expose the Druid Console without
authorization enabled. If authorization is not enabled, any user that has
access to the web console has the same privileges as the operating system user
that runs the Druid Console process.
* Grant users the minimum permissions necessary to perform their functions.
For instance, do not allow users who only need to query data to write to data
sources or view state.
+* Do not provide plain-text passwords for production systems in configuration
specs. For example, sensitive properties should not be in the
`consumerProperties` field of `KafkaSupervisorIngestionSpec`.
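Review bot: The added bullet states only the prohibition and does not say what operators should do instead, so a reader who currently has a password in `consumerProperties` has no next step. Consider ending the bullet with a pointer to the supported way of supplying secrets outside the spec. The bullet also switches from "plain-text passwords" in its first sentence to "sensitive properties" in the example; using one term, and saying whether the `KafkaSupervisorIngestionSpec` case is one example among several spec fields or the only one meant, would make the scope of the recommendation clear.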
Review comment:
link to an implementation -
https://druid.apache.org/docs/latest/operations/dynamic-config-provider.html#environment-variable-dynamic-config-provider
I didn't know this existed.