[
https://issues.apache.org/jira/browse/CASSANDRA-21153?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=18056026#comment-18056026
]
Stefan Miklosovic commented on CASSANDRA-21153:
-----------------------------------------------
I think this is already supported
https://github.com/apache/cassandra/commit/24dcc280c2e442eea27e7129c4c948eb6199ed91
> Security Enhancement: Support External Secret Manager Integration for SSL
> Keystore/Truststore Passwords in Cassandra.yaml
> -------------------------------------------------------------------------------------------------------------------------
>
> Key: CASSANDRA-21153
> URL: https://issues.apache.org/jira/browse/CASSANDRA-21153
> Project: Apache Cassandra
> Issue Type: Improvement
> Components: Feature/Encryption, Local/Config
> Reporter: BHARATH KUMAR
> Priority: Normal
>
> h4. Background
> Cassandra previously stored keystore and truststore passwords directly in
> {{cassandra.yaml}}, which posed operational security risks because
> sensitive data was present in config files.
> CASSANDRA-13428 addressed part of this risk by adding
> {{keystore_password_file}} and {{truststore_password_file}} options, allowing
> passwords to be read from secure files rather than embedded directly in the
> configuration.
> While this reduces exposure from plaintext passwords in config files, it
> still requires secret material to exist on disk and be managed at the
> operating system level.
> h4. Enhancement Request
> Extend Cassandra’s existing secure configuration capabilities (including the
> improvements from CASSANDRA-13428) to support external secret manager
> integration, enabling keystore and truststore passwords to be resolved at
> runtime from centralized secret stores rather than from local files.