BHARATH KUMAR created CASSANDRA-21153:
-----------------------------------------
Summary: Security Enhancement: Support External Secret Manager
Integration for SSL Keystore/Truststore Passwords in Cassandra.yaml
Key: CASSANDRA-21153
URL: https://issues.apache.org/jira/browse/CASSANDRA-21153
Project: Apache Cassandra
Issue Type: Improvement
Components: Feature/Encryption, Local/Config
Reporter: BHARATH KUMAR
h4. Background
Cassandra previously stored keystore and truststore passwords directly in
{{cassandra.yaml}}, which posed operational security risks because
sensitive data was present in config files.
CASSANDRA-13428 addressed part of this risk by adding
{{keystore_password_file}} and {{truststore_password_file}} options, allowing
passwords to be read from secure files rather than embedded directly in the
configuration.
While this reduces exposure from plaintext passwords in config files, it still
requires secret material to exist on disk and be managed at the operating
system level.
h4. Enhancement Request
Extend Cassandra’s existing secure configuration capabilities (including the
improvements from CASSANDRA-13428) to support external secret manager
integration, enabling keystore and truststore passwords to be resolved at
runtime from secret backends rather than from local files.
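An audit of the current state described in the Background, as an added example that is not part of the issue or of Cassandra's code: it flags passwords still embedded in {{cassandra.yaml}} and password files that are missing or readable beyond their owner. The inline {{keystore_password}}/{{truststore_password}} keys and the {{*_encryption_options}} section names are Cassandra's standard settings rather than text from this message; the sample config, the line-based parsing and the owner-only permission policy are assumptions made for the example.

```python
import os
import re
import stat
import tempfile

# Constructed sample config; {pwfile} is filled in with a real path at run time.
SAMPLE_YAML = """\
server_encryption_options:
  internode_encryption: all
  keystore: conf/.keystore
  keystore_password: cassandra
  truststore: conf/.truststore
  truststore_password_file: {pwfile}
client_encryption_options:
  enabled: true
  keystore: conf/.keystore
  keystore_password_file: {pwfile}
"""

SECTION = re.compile(r"^(\w+_encryption_options)\s*:")
OPTION = re.compile(r"^\s+((?:key|trust)store_password(_file)?)\s*:\s*(\S.*?)\s*$")

def audit(yaml_text):
    """Return (section, option, issue) tuples for risky password settings."""
    findings, section = [], None
    for line in yaml_text.splitlines():
        if line.lstrip().startswith("#"):
            continue
        m = SECTION.match(line)
        if m:
            section = m.group(1)
            continue
        if line and not line[0].isspace():
            section = None  # a new top-level key ends the encryption block
        m = OPTION.match(line)
        if not (m and section):
            continue
        name, is_file, value = m.group(1), m.group(2), m.group(3).strip("'\"")
        if not is_file:
            findings.append((section, name, "inline password in config"))
        elif not os.path.isfile(value):
            findings.append((section, name, "password file missing"))
        elif stat.S_IMODE(os.stat(value).st_mode) & 0o077:
            findings.append((section, name, "password file readable by group/other"))
    return findings

if __name__ == "__main__":
    fd, path = tempfile.mkstemp()   # constructed password file
    os.close(fd)
    os.chmod(path, 0o644)           # deliberately too permissive
    for finding in audit(SAMPLE_YAML.format(pwfile=path)):
        print(finding)
    os.remove(path)
```

Even with every finding cleared, the secret still exists on disk, which is the residual exposure the enhancement request targets.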