[
https://issues.apache.org/jira/browse/CASSANDRA-13971?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17507533#comment-17507533
]
Stefan Miklosovic commented on CASSANDRA-13971:
-----------------------------------------------
I think we have foundations for this to be implemented in CASSANDRA-16666. What
do you think about this, [~maulin.vasavada]?
PR is here: https://github.com/apache/cassandra/pull/218/files
> Automatic certificate management using Vault
> --------------------------------------------
>
> Key: CASSANDRA-13971
> URL: https://issues.apache.org/jira/browse/CASSANDRA-13971
> Project: Cassandra
> Issue Type: Improvement
> Components: Legacy/Streaming and Messaging
> Reporter: Stefan Podkowinski
> Priority: Normal
> Labels: security
> Fix For: 4.x
>
> Attachments: patches-13971.tar, start_vault_ssl.sh
>
>
> We've been adding security features during the last years to enable users to
> secure their clusters, if they are willing to use them and do so correctly.
> Some features are powerful and easy to work with, such as role-based
> authorization. Other features that require managing a local keystore are
> rather painful to deal with. Think about setting up SSL...
> To be fair, keystore-related issues and certificate handling haven't been
> invented by us. We're just following Java standards there. But that doesn't
> mean that we absolutely have to, if there are better options. I'd like to
> give it a shot and find out if we can automate certificate/key handling
> (PKI) by using external APIs. In this case, the implementation will be based
> on [Vault|https://vaultproject.io]. But certificate management services
> offered by cloud providers may also be able to handle the use-case and I
> intend to create a generic, pluggable API for that.