[
https://issues.apache.org/jira/browse/CASSANDRA-13428?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17927928#comment-17927928
]
Stefan Miklosovic commented on CASSANDRA-13428:
-----------------------------------------------
[~maulin.vasavada]
Thank you for your patch but looking into that, I would simplify it a lot - PR
against your branch here (1).
We do not need FileBasedKeystorePasswordWrapper, that is just, in my opinion, a
redundant abstraction. We can just go without and resolve password directly in
FileBasedStoreContext. If you want to know whether a password was resolved from
yaml or from specific password file, you can make that distinction in tests
based on the value of the password itself and compare what you expect to get.
I would also do it the other way around: a password specified directly in the
yaml would have precedence over what is in the file. You may look at it the same
way we treat system properties. They override environment properties. The env
property here is the file; the system property here is the password in yaml.
Password in yaml is "closer" to the configuration source; a password in a file
is one level deeper.
(1) https://github.com/maulin-vasavada/cassandra/pull/4/files
> Security: provide keystore_password_file and truststore_password_file options
> -----------------------------------------------------------------------------
>
> Key: CASSANDRA-13428
> URL: https://issues.apache.org/jira/browse/CASSANDRA-13428
> Project: Apache Cassandra
> Issue Type: Improvement
> Components: Feature/Encryption, Local/Config
> Reporter: Bas van Dijk
> Assignee: Maulin Vasavada
> Priority: Normal
> Original Estimate: 3h
> Time Spent: 10m
> Remaining Estimate: 2h 50m
>
> Currently passwords are stored in plaintext in the configuration file as in:
> {code}
> server_encryption_options:
>     keystore_password: secret
>     truststore_password: secret
> client_encryption_options:
>     keystore_password: secret
> {code}
> This has the disadvantage that, in order to protect the secrets, the whole
> configuration file needs to have restricted ownership and permissions. This
> is problematic in operating systems like NixOS where configuration files are
> usually stored in world-readable locations.
> A secure option would be to store secrets in files (with restricted ownership
> and permissions) and reference those files from the unrestricted
> configuration file as in for example:
> {code}
> server_encryption_options:
>     keystore_password_file: /run/keys/keystore-password
>     truststore_password_file: /run/keys/truststore-password
> client_encryption_options:
>     keystore_password_file: /run/keys/keystore-password
> {code}
> This is trivial to implement and provides a big gain in security.
> So in summary I'm proposing to add the {{keystore_password_file}} and
> {{truststore_password_file}} options besides the existing
> {{keystore_password}} and {{truststore_password}} options. The former will
> take precedence over the latter.
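The resolution order discussed in this thread, as an added illustration that is not Cassandra's code nor the patch under review: the inline yaml value is tried first and the referenced password file only as a fallback, which is the precedence Stefan's comment proposes (the original issue description proposed the reverse). The class and field names (KeystorePasswordResolver, StoreOptions, the camel-cased field names mirroring the yaml keys) are hypothetical; the world-readable check reflects the issue's point that the password file, not the configuration file, is the thing that must carry restricted permissions.

```java
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.nio.file.attribute.PosixFilePermission;
import java.util.Set;

// Hypothetical stand-in for the encryption options read from cassandra.yaml.
public final class KeystorePasswordResolver {

    public static final class StoreOptions {
        public String keystorePassword;       // keystore_password
        public String keystorePasswordFile;   // keystore_password_file
        public String truststorePassword;     // truststore_password
        public String truststorePasswordFile; // truststore_password_file
    }

    /**
     * Inline yaml value wins; otherwise the referenced file is read.
     * Returns null when neither source is configured.
     */
    public static String resolve(String inlinePassword, String passwordFile) throws IOException {
        if (inlinePassword != null && !inlinePassword.isEmpty())
            return inlinePassword;
        if (passwordFile == null || passwordFile.isEmpty())
            return null;
        Path path = Paths.get(passwordFile);
        warnIfWorldReadable(path);
        // Use the first line only and drop the line terminator: tools such as
        // `echo` append a newline that is not part of the password.
        String content = new String(Files.readAllBytes(path), StandardCharsets.UTF_8);
        int eol = content.indexOf('\n');
        String firstLine = eol >= 0 ? content.substring(0, eol) : content;
        return firstLine.replace("\r", "");
    }

    // The whole point of the file-based option is that the file, not the yaml,
    // carries the restricted permissions, so flag a file that lacks them.
    private static void warnIfWorldReadable(Path path) throws IOException {
        try {
            Set<PosixFilePermission> perms = Files.getPosixFilePermissions(path);
            if (perms.contains(PosixFilePermission.OTHERS_READ))
                System.err.println("WARNING: password file " + path + " is world-readable");
        } catch (UnsupportedOperationException e) {
            // Non-POSIX filesystem (e.g. Windows): there are no mode bits to inspect.
        }
    }

    public static void main(String[] args) throws IOException {
        // Constructed sample: write a password file the way an operator would, then resolve.
        Path tmp = Files.createTempFile("keystore-password", ".txt");
        Files.write(tmp, "file-secret\n".getBytes(StandardCharsets.UTF_8));
        try {
            StoreOptions opts = new StoreOptions();
            opts.keystorePasswordFile = tmp.toString();
            // Only the file is configured: the file's first line is used.
            System.out.println("keystore (file only):  " + resolve(opts.keystorePassword, opts.keystorePasswordFile));
            // Both configured: the inline yaml value takes precedence over the file.
            opts.keystorePassword = "yaml-secret";
            System.out.println("keystore (yaml+file):  " + resolve(opts.keystorePassword, opts.keystorePasswordFile));
            // Neither configured for the truststore: null, i.e. no password.
            System.out.println("truststore (unset):    " + resolve(opts.truststorePassword, opts.truststorePasswordFile));
        } finally {
            Files.delete(tmp);
        }
    }
}
```

Compile and run with `javac KeystorePasswordResolver.java && java KeystorePasswordResolver`. The same `resolve` call serves both keystore and truststore, which is the simplification the comment argues for: no wrapper type, just a lookup inside the store context.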
--
This message was sent by Atlassian Jira
(v8.20.10#820010)