[
https://issues.apache.org/jira/browse/KAFKA-2629?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15418941#comment-15418941
]
Ashish K Singh commented on KAFKA-2629:
---------------------------------------
[~bharatviswa] the way we do it is that for password configs we provide path to
an executable instead of plaintext password, and in Kafka application we
execute that executable to get the password.
> Enable getting SSL password from an executable rather than passing plaintext
> password
> -------------------------------------------------------------------------------------
>
> Key: KAFKA-2629
> URL: https://issues.apache.org/jira/browse/KAFKA-2629
> Project: Kafka
> Issue Type: Improvement
> Components: security
> Affects Versions: 0.9.0.0
> Reporter: Ashish K Singh
> Assignee: Ashish K Singh
>
> Currently there are a couple of options to pass SSL passwords to Kafka, i.e.,
> via properties file or via command line argument. Both of these are not
> recommended security practices.
> * A password on a command line is a no-no: it's trivial to see that password
> just by using the 'ps' utility.
> * Putting a password into a file, and then passing the location to that file,
> is the next best option. The access to the file will be governed by unix
> access permissions which we all know and love. The downside is that the
> password is still just sitting there in a file, and those who have access can
> still see it trivially.
> * The most general, secure solution is to provide a layer of abstraction:
> provide functionality to get the password from "somewhere else". The most
> flexible and generic way to do this is to simply call an executable which
> returns the desired password.
> ** The executable is again protected with normal file system privileges
> ** The simplest form, a script that looks like "echo 'my-password'", devolves
> back to putting the password in a file
> ** A more interesting implementation could open up a local encrypted password
> store and extract the password from it
> ** A maximally secure implementation could contact an external secret manager
> with centralized control and audit functionality.
> ** In short: getting the password as the output of a script/executable is
> maximally generic and enables both simple and complex use cases.
> This JIRA intend to add a config param to enable passing an executable to
> Kafka for SSL passwords.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
