rajinisivaram commented on pull request #11916: URL: https://github.com/apache/kafka/pull/11916#issuecomment-1073729540
With other file formats for key stores (JKS, PKCS12), I don't think we currently allow unencrypted keys. So for PEM, it made sense to keep the requirements for secure files consistent. For PEM in string format that is set directly as a config, we treat strings similar to other password configs. Configs can be externalized in this case (e.g. stored in Vault) and hence we don't require separate encryption. I think it may be better to add a note to the KIP discussion thread to get wider opinion on relaxing the requirement for PEM files. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: jira-unsubscr...@kafka.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
