The way docker manages secrets could an option.
On Aug 21, 2017 8:32 AM, "Gary Gregory (JIRA)" <[email protected]> wrote:
[ https://issues.apache.org/jira/browse/LOG4J2-1896?page=
com.atlassian.jira.plugin.system.issuetabpanels:comment-
tabpanel&focusedCommentId=16135305#comment-16135305 ]
Gary Gregory commented on LOG4J2-1896:
--------------------------------------
I like the idea of abstract away the access and use of secrets. Do you want
to take a shot at it?
> Update classes in org.apache.logging.log4j.core.net.ssl in APIs from
String to char[] for passwords
> ------------------------------------------------------------
---------------------------------------
>
> Key: LOG4J2-1896
> URL: https://issues.apache.org/jira/browse/LOG4J2-1896
> Project: Log4j 2
> Issue Type: Improvement
> Components: Configurators
> Reporter: Gary Gregory
> Assignee: Gary Gregory
> Fix For: 2.9
>
>
> Update {{org.apache.logging.log4j.core.net.ssl.StoreConfiguration}} from
a {{String}} to {{char[]}} to represent its password.
> The goal is to reduce the security risk of using a String for a password.
See https://stackoverflow.com/questions/8881291/why-is-char-
preferred-over-string-for-passwords
--
This message was sent by Atlassian JIRA
(v6.4.14#64029)
