[kudu-CR] KUDU-3448 Add support for encrypting IPKI keys

Tue, 14 Mar 2023 03:29:11 -0700 

Hello Mahesh Reddy, Tidy Bot, Zoltan Chovan, Alexey Serbin, Ashwani Raina, Kudu 
Jenkins, Abhishek Chennaka, Ádám Bakai,

I'd like you to reexamine a change. Please visit

    http://gerrit.cloudera.org:8080/19616

to look at the new patch set (#4).

Change subject: KUDU-3448 Add support for encrypting IPKI keys
......................................................................

KUDU-3448 Add support for encrypting IPKI keys

This patch introduces a new flag, --ipki_private_key_password_cmd. If
set, Kudu's internal PKI's root CA private key will be encrypted with
the password that is output by the command set with this flag.

The key is encrypted with AES-256-CBC and encoded in PKCS#8 format. The
behavior is similar to --webserver_private_key_password_cmd, which is
used to provide a command to decrypt the webserver certificate's private
key.

Currently, Kudu doesn't support rotating IPKI keys, so this flag can't
be used on existing clusters, and if it was used on the first startup of
a master, it must be used as long as that master exists, it won't be
able to start without it.

Change-Id: I71f2ec856f018d56efbf6901039eed2676fcbe23
---
M src/kudu/master/catalog_manager.cc
M src/kudu/master/master-test.cc
M src/kudu/master/sys_catalog-test.cc
3 files changed, 92 insertions(+), 6 deletions(-)


  git pull ssh://gerrit.cloudera.org:29418/kudu refs/changes/16/19616/4
--
To view, visit http://gerrit.cloudera.org:8080/19616
To unsubscribe, visit http://gerrit.cloudera.org:8080/settings

Gerrit-Project: kudu
Gerrit-Branch: master
Gerrit-MessageType: newpatchset
Gerrit-Change-Id: I71f2ec856f018d56efbf6901039eed2676fcbe23
Gerrit-Change-Number: 19616
Gerrit-PatchSet: 4
Gerrit-Owner: Attila Bukor <abu...@apache.org>
Gerrit-Reviewer: Abhishek Chennaka <achenn...@cloudera.com>
Gerrit-Reviewer: Alexey Serbin <ale...@apache.org>
Gerrit-Reviewer: Ashwani Raina <ara...@cloudera.com>
Gerrit-Reviewer: Attila Bukor <abu...@apache.org>
Gerrit-Reviewer: Kudu Jenkins (120)
Gerrit-Reviewer: Mahesh Reddy <mre...@cloudera.com>
Gerrit-Reviewer: Tidy Bot (241)
Gerrit-Reviewer: Zoltan Chovan <zcho...@cloudera.com>
Gerrit-Reviewer: Ádám Bakai <aba...@cloudera.com>

Reply via email to