[
https://issues.apache.org/jira/browse/KAFKA-2629?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14957726#comment-14957726
]
Gwen Shapira commented on KAFKA-2629:
-------------------------------------
[~singhashish], I see the need for this type of integration - I also ran into
customers with these requirements, whether or not they make sense :)
Due to the tight timeline for 0.9.0.0 (two weeks until branching!) and our need
to stabilize the security interfaces for now and start testing them, would you
be OK with tabling the discussion on this feature for now and planning it for
0.9.1.0 instead?
This will allow us to stabilize the security features and making sure they are
usable without adding more interfaces and complexity.
> Enable getting SSL password from an executable rather than passing plaintext
> password
> -------------------------------------------------------------------------------------
>
> Key: KAFKA-2629
> URL: https://issues.apache.org/jira/browse/KAFKA-2629
> Project: Kafka
> Issue Type: Improvement
> Components: security
> Affects Versions: 0.9.0.0
> Reporter: Ashish K Singh
> Assignee: Ashish K Singh
>
> Currently there are a couple of options to pass SSL passwords to Kafka, i.e.,
> via properties file or via command line argument. Both of these are not
> recommended security practices.
> * A password on a command line is a no-no: it's trivial to see that password
> just by using the 'ps' utility.
> * Putting a password into a file, and then passing the location to that file,
> is the next best option. The access to the file will be governed by unix
> access permissions which we all know and love. The downside is that the
> password is still just sitting there in a file, and those who have access can
> still see it trivially.
> * The most general, secure solution is to provide a layer of abstraction:
> provide functionality to get the password from "somewhere else". The most
> flexible and generic way to do this is to simply call an executable which
> returns the desired password.
> ** The executable is again protected with normal file system privileges
> ** The simplest form, a script that looks like "echo 'my-password'", devolves
> back to putting the password in a file
> ** A more interesting implementation could open up a local encrypted password
> store and extract the password from it
> ** A maximally secure implementation could contact an external secret manager
> with centralized control and audit functionality.
> ** In short: getting the password as the output of a script/executable is
> maximally generic and enables both simple and complex use cases.
> This JIRA intend to add a config param to enable passing an executable to
> Kafka for SSL passwords.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
