[jira] [Commented] (CASSANDRA-13428) Security: provide keystore_password_file and truststore_password_file options

[Stefan Miklosovic (Jira)]

    [ 
https://issues.apache.org/jira/browse/CASSANDRA-13428?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17863956#comment-17863956
 ] 

Stefan Miklosovic commented on CASSANDRA-13428:
-----------------------------------------------

This looks like a good idea but I would probably "merge" this functionality 
with CASSANDRA-18508 and similar. What I mean by "merging" is that instead of 
having jmx credentials and then server / client credentials, could not we just 
have one section called "credentials"? (or similar to that). Then it would be 
also easier to fetch them all at once from whatever source we want. 

> Security: provide keystore_password_file and truststore_password_file options
> -----------------------------------------------------------------------------
>
>                 Key: CASSANDRA-13428
>                 URL: https://issues.apache.org/jira/browse/CASSANDRA-13428
>             Project: Cassandra
>          Issue Type: Improvement
>          Components: Feature/Encryption, Local/Config
>            Reporter: Bas van Dijk
>            Priority: Normal
>   Original Estimate: 3h
>  Remaining Estimate: 3h
>
> Currently passwords are stored in plaintext in the configuration file as in:
> {code}
>     server_encryption_options:
>       keystore_password: secret
>       truststore_password: secret
>     client_encryption_options:
>       keystore_password: secret
> {code}
> This has the disadvantage that, in order to protect the secrets, the whole 
> configuration file needs to have restricted ownership and permissions. This 
> is problematic in operating systems like NixOS where configuration files are 
> usually stored in world-readable locations.
> A secure option would be to store secrets in files (with restricted ownership 
> and permissions) and reference those files from the unrestricted 
> configuration file as in for example:
> {code}
>     server_encryption_options:
>       keystore_password_file: /run/keys/keystore-password
>       truststore_password_file: /run/keys/truststore-password
>     client_encryption_options:
>       keystore_password_file: /run/keys/keystore-password
> {code}
> This is trivial to implement and provides a big gain in security.
> So in summary I'm proposing to add the {{keystore_password_file}} and 
> {{truststore_password_file}} options besides the existing 
> {{keystore_password}} and {{truststore_password options}}. The former will 
> take precedence over the latter.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

---------------------------------------------------------------------
To unsubscribe, e-mail: commits-unsubscr...@cassandra.apache.org
For additional commands, e-mail: commits-h...@cassandra.apache.org