[ https://issues.apache.org/jira/browse/AMBARI-22571?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16274483#comment-16274483 ]
Sandor Molnar edited comment on AMBARI-22571 at 12/1/17 3:00 PM:
-----------------------------------------------------------------

[~rlevas] Thanks for this hint. I've the following questions:
* When you say 'hide' do you mean replacing the content with * characters let's say or do you mean to actually not show (cut out) that name/value pair?
* What kind of data do we consider sensitive? Only passwords? If not, could you please give me a hint?
* Is it a valid assumption that we do want to do this on any level (i.e. we hide passwords on all layers for any services)?

Thanks.


was (Author: smolnar):
[~rlevas] Thanks for this hint. I've the following questions:
* When you say 'hide' do you mean replace the content with * characters let's say or do you mean to actually not show (cut out) that name/value pair?
* What kind of data do we consider sensitive? Only passwords? If not, could you please give me a hint?
* Is is a valid assumption that we do want to do this on the root level (i.e. we hide passwords on all layers for any services)?

Thanks.

> Handle passwords/sensitive data in Ambari configuration properties
> ------------------------------------------------------------------
>
> Key: AMBARI-22571
> URL: https://issues.apache.org/jira/browse/AMBARI-22571
> Project: Ambari
> Issue Type: Task
> Components: ambari-server
> Reporter: Sandor Molnar
> Assignee: Sandor Molnar
> Priority: Minor
> Labels: config, security
> Fix For: trunk
>
>
> Passwords and other sensitive data stored as values to properties in Ambari
> configurations need to be masked or not stored in cleartext.
> For example,
> {{ldap-configuration/ambari.ldap.connectivity.trust_store.password}} and
> {{ldap-configuration/ambari.ldap.connectivity.bind_password}}.
> If the Ambari credential store is enabled (which might be by default as of
> Ambari 3.0.0), the sensitive data can be stored there like we do when
> sensitive data is to be stored in the ambari.properties file - see
> {{org.apache.ambari.server.security.encryption.CredentialStoreService}}.

--
This message was sent by Atlassian JIRA (v6.4.14#64029)