[ https://issues.apache.org/jira/browse/AMBARI-22571?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16274356#comment-16274356 ]

Robert Levas commented on AMBARI-22571:
---------------------------------------

[~smolnar]...

Password properties in the {{ambari.properties}} file are moved out into a 
different file. If the Ambari credential store is enabled, sensitive data is 
stored there, else I believe that it is moved into its own file.  

The properties in this case are similar in that they are Ambari-level 
properties.  I suspect many properties will be moved from the 
{{ambari.properties}} file into the Ambari database, like the LDAP 
configuration properties.  Ideally, the Ambari credential store is set up and 
the sensitive values can be stored there. However, for now, this is optional.  I 
want to push to make this mandatory as part of the Ambari server setup, but I 
am not sure if I will get traction on that.  Maybe others in the community will 
chime in. 

For now, we need to hide the sensitive data from results in REST API requests.  
For example, {{GET /api/v1/services/AMBARI/components/AMBARI_SERVER/configurations/ldap-configuration}}.
Or maybe even hide the sensitive data from non-Ambari Administrator users. 



> Handle passwords/sensitive data in Ambari configuration properties
> ------------------------------------------------------------------
>
>                 Key: AMBARI-22571
>                 URL: https://issues.apache.org/jira/browse/AMBARI-22571
>             Project: Ambari
>          Issue Type: Task
>          Components: ambari-server
>            Reporter: Sandor Molnar
>            Assignee: Sandor Molnar
>            Priority: Minor
>              Labels: config, security
>             Fix For: trunk
>
>
> Passwords and other sensitive data stored as values to properties in Ambari 
> configurations need to be masked or not stored in cleartext.
> For example, 
> {{ldap-configuration/ambari.ldap.connectivity.trust_store.password}} and 
> {{ldap-configuration/ambari.ldap.connectivity.bind_password}}.
> If the Ambari credential store is enabled (which might be by default as of 
> Ambari 3.0.0), the sensitive data can be stored there like we do when 
> sensitive data is to be stored in the ambari.properties file - see 
> {{org.apache.ambari.server.security.encryption.CredentialStoreService}}.



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)
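
Added example, not part of the original comment and not Ambari's own code: one way to mask sensitive properties in a configuration response, covering both options raised in the comment above (mask for every caller, or only for non-administrators), plus the write path that keeps a masked value from overwriting the stored secret. The class and method names, the mask string, the "password" suffix rule and the sample data are assumptions; only the two LDAP password property names come from the issue.

```java
import java.util.LinkedHashMap;
import java.util.Locale;
import java.util.Map;
import java.util.Set;

public class SensitivePropertyMasker {
    static final String MASK = "********"; // constructed placeholder value
    // These two names come from the issue; the "password" suffix rule is an assumption.
    static final Set<String> KNOWN_SENSITIVE = Set.of(
        "ambari.ldap.connectivity.trust_store.password",
        "ambari.ldap.connectivity.bind_password");

    static boolean isSensitive(String name) {
        String n = name.toLowerCase(Locale.ROOT);
        return KNOWN_SENSITIVE.contains(n) || n.endsWith("password");
    }

    // Copy of the stored properties that is safe to serialize into a GET response.
    // adminsSeeSecrets=false masks for every caller; true masks only for non-administrators.
    static Map<String, String> forResponse(Map<String, String> stored,
                                           boolean callerIsAdmin, boolean adminsSeeSecrets) {
        Map<String, String> out = new LinkedHashMap<>();
        for (Map.Entry<String, String> e : stored.entrySet()) {
            boolean hide = isSensitive(e.getKey()) && !(callerIsAdmin && adminsSeeSecrets);
            out.put(e.getKey(), hide ? MASK : e.getValue());
        }
        return out;
    }

    // Write path: a sensitive value equal to MASK means "unchanged", so a client that
    // reads the masked configuration and sends it back does not overwrite the secret.
    static Map<String, String> applyUpdate(Map<String, String> stored, Map<String, String> update) {
        Map<String, String> merged = new LinkedHashMap<>(stored);
        for (Map.Entry<String, String> e : update.entrySet()) {
            boolean echoedMask = isSensitive(e.getKey()) && MASK.equals(e.getValue());
            if (!echoedMask) merged.put(e.getKey(), e.getValue());
        }
        return merged;
    }

    public static void main(String[] args) {
        Map<String, String> stored = new LinkedHashMap<>(); // constructed sample data
        stored.put("example.display_name", "corp directory"); // hypothetical non-sensitive key
        stored.put("ambari.ldap.connectivity.bind_password", "constructed-secret");
        Map<String, String> seen = forResponse(stored, false, true); // non-administrator view
        System.out.println(seen);
        System.out.println(applyUpdate(stored, seen).equals(stored)); // GET-then-PUT round trip
    }
}
```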
