Attila Bukor created KUDU-3448:
----------------------------------

             Summary: Store IPKI and TSK key material encrypted
                 Key: KUDU-3448
                 URL: https://issues.apache.org/jira/browse/KUDU-3448
             Project: Kudu
          Issue Type: Improvement
            Reporter: Attila Bukor


Key material for IPKI TLS and TSK should be stored on disk securely, even when 
user data is not encrypted. The symmetric encryption key should be derived from 
a password using PBKDF2, which is a FIPS-approved KDF. The masters should have a 
flag that expects a command which outputs the password (similar to 
--webserver_private_key_password_cmd); that way the users can integrate 
with an HSM or choose another way to provide the password securely without 
storing it on a disk.

Generating new keys or encrypting existing key material is outside the scope of 
this ticket.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)
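
The flow proposed in the ticket (a command prints the password, PBKDF2 turns it into a symmetric key), sketched as an added example that is not Kudu code. The function names, header layout, salt and key sizes, iteration count, and the HMAC-based subkey split and check tag are all assumptions made for illustration.

```python
import hashlib, hmac, os, shlex, subprocess, sys

# Constructed stand-in for a real password command (e.g. an HSM or vault client).
DEMO_CMD = f"{shlex.quote(sys.executable)} -c \"print('constructed-demo-password')\""

SALT_LEN = 16          # assumption: 128-bit random salt
ITERATIONS = 600_000   # assumption: tune to the deployment's hardware


def password_from_cmd(cmd: str) -> bytes:
    """Run the command without a shell and return its stdout as the password."""
    out = subprocess.run(shlex.split(cmd), capture_output=True,
                         check=True, timeout=30).stdout
    password = out.rstrip(b"\r\n")  # drop only the trailing newline
    if not password:
        raise ValueError("password command produced no output")
    return password


def _subkeys(password: bytes, salt: bytes, iterations: int):
    # PBKDF2-HMAC-SHA256 yields a master secret; separate labels keep the
    # encryption key and the password-check tag independent of each other.
    master = hashlib.pbkdf2_hmac("sha256", password, salt, iterations, dklen=32)
    enc_key = hmac.new(master, b"enc", hashlib.sha256).digest()
    check = hmac.new(master, b"check", hashlib.sha256).hexdigest()
    return enc_key, check


def new_key_header(password: bytes, iterations: int = ITERATIONS):
    """Return (enc_key, header). Only the header is written to disk."""
    salt = os.urandom(SALT_LEN)
    enc_key, check = _subkeys(password, salt, iterations)
    header = {"kdf": "pbkdf2-hmac-sha256", "salt": salt.hex(),
              "iterations": iterations, "check": check}
    return enc_key, header


def key_from_header(password: bytes, header: dict) -> bytes:
    """Re-derive the key at startup; fail before touching any ciphertext."""
    enc_key, check = _subkeys(password, bytes.fromhex(header["salt"]),
                              header["iterations"])
    if not hmac.compare_digest(check, header["check"]):
        raise ValueError("wrong password for stored key material")
    return enc_key
```

The returned key would feed an authenticated cipher that wraps the IPKI and TSK material; that step is left out because the ticket does not specify the cipher.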
