Robert Yokota created KAFKA-6886:
------------------------------------

             Summary: Externalize Secrets for Kafka Connect Configurations
                 Key: KAFKA-6886
                 URL: https://issues.apache.org/jira/browse/KAFKA-6886
             Project: Kafka
          Issue Type: New Feature
          Components: KafkaConnect
            Reporter: Robert Yokota
            Assignee: Robert Yokota
             Fix For: 2.0.0


Kafka Connect's connector configurations have plaintext passwords, and Connect 
stores these in cleartext either on the filesystem (for standalone mode) or in 
internal topics (for distributed mode). 

Connect should not store or transmit cleartext passwords in connector 
configurations. Secrets in stored connector configurations should be allowed to 
be replaced with references to values stored in external secret management 
systems. Connect should provide an extension point for adding customized 
integrations, as well as provide a file-based extension as an example. Second, 
a Connect runtime should be allowed to be configured to use one or more of 
these extensions, and allow connector configurations to use placeholders that 
will be resolved by the runtime before passing the complete connector 
configurations to connectors. This will allow existing connectors to not see 
any difference in the configurations that Connect provides to them at startup. 
And third, Connect's API should be changed to allow a connector to obtain the 
latest connector configuration at any time.





--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
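
The placeholder resolution proposed in this issue can be modelled as follows. This is an added example, not code from the issue or from Kafka: the stored configuration keeps only references, and the runtime substitutes values from a file-based provider before the connector sees them. The `${provider:path:key}` placeholder form, the `FileProvider` class, the `resolve` function and all sample keys and values are assumptions constructed for illustration.

```python
import re
import tempfile
from pathlib import Path

# Assumed placeholder form for this sketch: ${provider:path:key}
PLACEHOLDER = re.compile(r"\$\{([^}:\s]+):([^}:]*):([^}]+)\}")


class FileProvider:
    """Hypothetical file-based provider: reads key=value lines from a file."""

    def get(self, path, key):
        for line in Path(path).read_text().splitlines():
            line = line.strip()
            if not line or line.startswith("#"):
                continue
            name, _, value = line.partition("=")
            if name.strip() == key:
                return value.strip()
        raise KeyError(f"{key!r} not found in {path}")


def resolve(stored_config, providers):
    """Return a copy of stored_config with every placeholder replaced.

    A placeholder naming an unconfigured provider is left untouched, so a
    missing integration never silently turns into an empty secret.
    """
    def substitute(match):
        provider = providers.get(match.group(1))
        if provider is None:
            return match.group(0)
        return provider.get(match.group(2), match.group(3))

    return {k: PLACEHOLDER.sub(substitute, v) for k, v in stored_config.items()}


def demo():
    # Constructed sample data: a secrets file and a connector configuration.
    with tempfile.TemporaryDirectory() as tmp:
        secrets = Path(tmp) / "secrets.properties"
        secrets.write_text("# constructed sample\ndb.password=s3cr3t-example\n")
        stored = {  # what would be persisted: references only
            "connection.user": "connect",
            "connection.password": f"${{file:{secrets}:db.password}}",
            "api.token": "${vault:kv/connect:token}",  # no such provider configured
        }
        return stored, resolve(stored, {"file": FileProvider()})
```

Only the dictionary returned by `resolve` contains the secret; the stored form can be written to a file or an internal topic without exposing it.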
