[ 
https://issues.apache.org/jira/browse/CASSANDRA-13428?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17929657#comment-17929657
 ] 

Stefan Miklosovic commented on CASSANDRA-13428:
-----------------------------------------------

Please add the documentation of these new fields into cassandra.yaml / 
cassandra_latest.yaml, so users know they were added. Please do not forget to 
update "jmx_server_options" with the new config properties.

If the password in yaml is commented out, that is effectively null in the code, so 
in that case we look into the password file. If the password is not commented out 
but set to nothing, that is I guess null as well, or is it an empty string? I 
think keystore_password: "" is the only way to set it to an empty password.

So,

if keystore_password is null -> go to look into the file
if keystore_password: "" -> set empty password

In other words, the file should only ever be used in case keystore_password is 
null, something like:

{code}
// here if "password" is "" (empty string), just return an empty string
if (password != null) return password;
// if password is null, then look into file, if it is not null or empty
if (StringUtils.isEmpty(passwordFilePath)) return null;
{code}

> Security: provide keystore_password_file and truststore_password_file options
> -----------------------------------------------------------------------------
>
>                 Key: CASSANDRA-13428
>                 URL: https://issues.apache.org/jira/browse/CASSANDRA-13428
>             Project: Apache Cassandra
>          Issue Type: Improvement
>          Components: Feature/Encryption, Local/Config
>            Reporter: Bas van Dijk
>            Assignee: Maulin Vasavada
>            Priority: Normal
>   Original Estimate: 3h
>          Time Spent: 0.5h
>  Remaining Estimate: 2.5h
>
> Currently passwords are stored in plaintext in the configuration file as in:
> {code}
>     server_encryption_options:
>       keystore_password: secret
>       truststore_password: secret
>     client_encryption_options:
>       keystore_password: secret
> {code}
> This has the disadvantage that, in order to protect the secrets, the whole 
> configuration file needs to have restricted ownership and permissions. This 
> is problematic in operating systems like NixOS where configuration files are 
> usually stored in world-readable locations.
> A secure option would be to store secrets in files (with restricted ownership 
> and permissions) and reference those files from the unrestricted 
> configuration file as in for example:
> {code}
>     server_encryption_options:
>       keystore_password_file: /run/keys/keystore-password
>       truststore_password_file: /run/keys/truststore-password
>     client_encryption_options:
>       keystore_password_file: /run/keys/keystore-password
> {code}
> This is trivial to implement and provides a big gain in security.
> So in summary I'm proposing to add the {{keystore_password_file}} and 
> {{truststore_password_file}} options besides the existing 
> {{keystore_password}} and {{truststore_password}} options. The former will 
> take precedence over the latter.
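
Added example, not part of the original message and not Cassandra's code: a Java 11+ sketch of the null-versus-empty rule proposed in the comment above, where an inline password that is non-null (including "") is returned as-is and the file is read only when it is null. The class and method names, the refusal of world-accessible files and the trimming of trailing newlines are assumptions made for illustration.

```java
import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.attribute.PosixFilePermission;
import java.nio.file.attribute.PosixFilePermissions;
import java.util.Set;

// Added illustration; class and method names are hypothetical, not Cassandra's.
public class PasswordSourceExample {

    // null inline password -> option absent or commented out: consult the file
    // ""   inline password -> explicit empty password: the file is never read
    static String resolve(String password, String passwordFilePath) throws IOException {
        if (password != null) return password;
        if (passwordFilePath == null || passwordFilePath.isEmpty()) return null;

        Path file = Path.of(passwordFilePath);
        // Assumption: refuse a secret file that "other" users can read or write.
        // Throws UnsupportedOperationException on non-POSIX filesystems.
        Set<PosixFilePermission> perms = Files.getPosixFilePermissions(file);
        if (perms.contains(PosixFilePermission.OTHERS_READ)
                || perms.contains(PosixFilePermission.OTHERS_WRITE))
            throw new IOException("password file is accessible to other users: " + file);

        // Assumption: drop trailing line terminators left by editors or `echo`.
        return Files.readString(file).replaceAll("[\\r\\n]+\\z", "");
    }

    public static void main(String[] args) throws IOException {
        // Constructed sample input: a temp file standing in for a password file.
        Path file = Files.createTempFile("keystore-password", ".txt");
        Files.setPosixFilePermissions(file, PosixFilePermissions.fromString("rw-------"));
        Files.writeString(file, "from-file\n");
        String path = file.toString();

        System.out.println("inline set   -> '" + resolve("inline", path) + "'");
        System.out.println("inline empty -> '" + resolve("", path) + "'");
        System.out.println("inline null  -> '" + resolve(null, path) + "'");
        System.out.println("nothing set  -> " + resolve(null, null));

        // Loosen the mode to show the permission check rejecting the file.
        Files.setPosixFilePermissions(file, PosixFilePermissions.fromString("rw-r--r--"));
        try {
            resolve(null, path);
        } catch (IOException e) {
            System.out.println("rejected: " + e.getMessage());
        } finally {
            Files.delete(file);
        }
    }
}
```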


