Hi Adam, What do you mean by "app read password from xxx". Doesn't the kafka read the server.properties ? So, is there any way to let kafka read an encryption? I don't want to put cleartext password in the kafka property config file
-----邮件原件----- 发件人: Adam Kunicki [mailto:a...@streamsets.com] 发送时间: 2016年3月21日 11:45 收件人: users@kafka.apache.org 主题: Re: For SSL config, Any way to avoid the cleartext passwords? One option is that your application could read the password from an access restricted file (e.g. owner read/write only) or retrieve it from a credentials server (e.g. hadoop kms, hashicorp vault) For what its worth, java keystore passwords are pretty useless anyway and keystores can be read without even knowing it as demonstrated in this code snippet: https://gist.github.com/zach-klippenstein/4631307 On Sun, Mar 20, 2016 at 8:18 PM, Linyuxin <linyu...@huawei.com> wrote: > Hi All, > Kafka 0.9.0 support ssl. > And in the document, password in ssl config is cleartext passwords. > e.g. > ssl.keystore.location=/var/private/ssl/kafka.server.keystore.jks > ssl.keystore.password=test1234 > ssl.key.password=test1234 > > ssl.truststore.location=/var/private/ssl/kafka.server.truststore.jks > ssl.truststore.password=test1234 any way to avoid this > "test1234" cleartext in the file? > Like some encryption? > -- Adam Kunicki StreamSets | Field Engineer mobile: 415.890.DATA (3282) | linkedin <http://www.adamkunicki.com>
