[jira] [Commented] (CASSANDRA-20856) system_views.settings exposes encryption and TDE passwords in plaintext over CQL

Stefan Miklosovic (Jira) Wed, 27 Aug 2025 02:05:27 -0700


    [ 
https://issues.apache.org/jira/browse/CASSANDRA-20856?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=18016466#comment-18016466
 ]


Stefan Miklosovic commented on CASSANDRA-20856:
-----------------------------------------------

What is redacted:

4.1

{code}
client_encryption_options.keystore
client_encryption_options.keystore_password
client_encryption_options.truststore
client_encryption_options.truststore_password
server_encryption_options.keystore
server_encryption_options.keystore_password
server_encryption_options.truststore
server_encryption_options.truststore_password
{code}

5.0 - same as 4.1

5.1 / trunk

{code}
client_encryption_options.keystore
client_encryption_options.keystore_password
client_encryption_options.keystore_password_file
client_encryption_options.truststore
client_encryption_options.truststore_password
client_encryption_options.truststore_password_file
jmx_server_options.jmx_encryption_options.keystore
jmx_server_options.jmx_encryption_options.keystore_password
redacted jmx_server_options.jmx_encryption_options.keystore_password_file
redacted jmx_server_options.jmx_encryption_options.truststore
redacted jmx_server_options.jmx_encryption_options.truststore_password
redacted jmx_server_options.jmx_encryption_options.truststore_password_file
redacted jmx_server_options.password_file
redacted server_encryption_options.keystore
redacted server_encryption_options.keystore_password
redacted server_encryption_options.keystore_password_file
redacted server_encryption_options.truststore
redacted server_encryption_options.truststore_password
redacted server_encryption_options.truststore_password_file
{code}

[~hayato.shimizu] [~frankgh] are you all ok with that?

> system_views.settings exposes encryption and TDE passwords in plaintext over 
> CQL
> --------------------------------------------------------------------------------
>
>                 Key: CASSANDRA-20856
>                 URL: https://issues.apache.org/jira/browse/CASSANDRA-20856
>             Project: Apache Cassandra
>          Issue Type: Bug
>          Components: Feature/Virtual Tables
>            Reporter: Hayato Shimizu
>            Assignee: Stefan Miklosovic
>            Priority: Normal
>             Fix For: 4.1.x, 5.0.x, 5.x
>
>          Time Spent: 2.5h
>  Remaining Estimate: 0h
>
> Selecting from the virtual table {{system_views.settings}}  shows the 
> property values cassandra.yaml faithfully, including the ones that contain 
> passwords.
>  
> Any user with {{SELECT}} on {{system_views.settings}} can read these secrets.
>  
> {code:java}
> cqlsh:system_views> select * from settings where name = 
> 'client_encryption_options.truststore_password';
>  name                                          | value
> -----------------------------------------------+----------
>  client_encryption_options.truststore_password | changeit
> (1 rows)
> cqlsh:system_views> select * from settings where name = 
> 'client_encryption_options.keystore_password';
>  name                                        | value
> ---------------------------------------------+----------
>  client_encryption_options.keystore_password | changeit
> (1 rows)
> cqlsh:system_views> select * from settings where name = 
> 'server_encryption_options.truststore_password';
>  name                                          | value
> -----------------------------------------------+----------
>  server_encryption_options.truststore_password | changeit
> (1 rows)
> cqlsh:system_views> select * from settings where name = 
> 'server_encryption_options.keystore_password';
>  name                                        | value
> ---------------------------------------------+----------
>  server_encryption_options.keystore_password | changeit
> (1 rows)
> cqlsh:system_views> select * from system_views.settings where name = 
> 'transparent_data_encryption_options.key_provider.parameters';
>  name                                                        | value
> -------------------------------------------------------------+--------------------------------------------------------------------------------------------------
>  transparent_data_encryption_options.key_provider.parameters | 
> {keystore_password=cassandra, keystore=conf/.keystore, store_type=JCEKS, 
> key_password=cassandra} {code}
> Passwords and secrets should be handled as a special case and not exposed in 
> plain text in any of the virtual tables.
> Observed in 4.1.x and 5.0.x



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

---------------------------------------------------------------------
To unsubscribe, e-mail: commits-unsubscr...@cassandra.apache.org
For additional commands, e-mail: commits-h...@cassandra.apache.org

[jira] [Commented] (CASSANDRA-20856) system_views.settings exposes encryption and TDE passwords in plaintext over CQL

Reply via email to