[ 
https://issues.apache.org/jira/browse/FLUME-2442?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Roshan Naik updated FLUME-2442:
-------------------------------

    Attachment: FLUME-2442.v1.patch

Uploading the patch:
Here is the solution I have implemented:

Summary of what is implemented...


+*1) Extended command line to create an obfuscated password file*+
- "flume-ng password /path/passwordFile" is the command to create a new 
password file which contains the password in obfuscated form

+*2) For components which don't already have an option of external password file 
(Avro source/sink, HTTP source)*+
- provided a config passwordFile setting that points to an external file
- user can use either the existing inline clear text password or use the 
external passwordFile (ensuring backward compat)
-  added another optional config setting passwordFileType. It defaults to 
'TEXT' which means external password file is in clear text. It can be set to 
"AES" which means the password is stored in the password file in obfuscated 
form (using AES-CTR with a default key). Such a file can be created using the 
"flume-ng password" command.

+*3) For components which have the ability to store passwords externally (JMS source, 
File channel)*+
- provided the additional passwordFileType option, same as above. This retains 
backward compat while allowing one to have the external password file to store 
in obfuscated form




> Need an alternative to providing clear text passwords in flume config
> ---------------------------------------------------------------------
>
>                 Key: FLUME-2442
>                 URL: https://issues.apache.org/jira/browse/FLUME-2442
>             Project: Flume
>          Issue Type: Bug
>          Components: Sinks+Sources
>    Affects Versions: v1.5.0.1
>            Reporter: Roshan Naik
>            Assignee: Roshan Naik
>              Labels: Security
>         Attachments: FLUME-2442.v1.patch
>
>
> For some sources and sinks, currently, passwords to keystores/other are 
> specified in clear text in the flume config file. Since flume config files 
> are often easily accessible to a broader audience (like in source control for 
> instance), the visibility of these passwords can be too much and risky for 
> institutions where security is too critical (like banks).
> To help address this visibility issue it would be desirable to do the 
> following two things:
> 1) Store the password in a separate file and provide the path of that 
> password file in the flume config. This will enable the flume config to be 
> shared with a wider audience and reduce risk. The password file will need to 
> be very tightly guarded. Some components like file channel & JMS source 
> already do this.
> 2) As an additional measure, obfuscate the password in the external password 
> file. A simple command line tool can be used to generate the obfuscated 
> password file. Flume source/sink configuration will read the password file 
> and de-obfuscate the password before using it to access the keystore. This 
> obfuscation step IMO is nice but unclear to me if it is essential.
> The following Sources and Sinks appear to use inline cleartext passwords:
> - Avro Source
> - Avro sink
> - HTTP(S) source 
> JDBC channel also uses inline passwords but I am not aware of anybody who 
> uses JDBC channel. So it may not be an issue.



--
This message was sent by Atlassian JIRA
(v6.2#6252)
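
A defender-side check for the two storage options discussed in this issue, as an added example that is not part of the original message or of the Flume code base: it scans a Flume properties file for inline password values and reports any referenced password file that is missing or readable by group/other. The key-name patterns (keys ending in `password` or `passwordFile`), the agent and component names, and the sample config are assumptions made for illustration; the permission check assumes POSIX file modes.

```python
import os
import re
import stat

INLINE_PW = re.compile(r"password$", re.IGNORECASE)      # e.g. keystore-password
PW_FILE = re.compile(r"password-?file$", re.IGNORECASE)  # e.g. passwordFile

def parse_properties(text):
    """Parse the plain `key = value` subset of Java .properties syntax."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] in "#!":
            continue
        key, sep, value = line.partition("=")
        if sep:
            props[key.strip()] = value.strip()
    return props

def audit(config_text):
    """Return sorted (key, finding) pairs for password-related settings."""
    findings = []
    for key, value in parse_properties(config_text).items():
        leaf = key.rsplit(".", 1)[-1]
        if INLINE_PW.search(leaf) and value:
            findings.append((key, "inline cleartext password"))
        elif PW_FILE.search(leaf):
            try:
                mode = os.stat(value).st_mode
            except OSError:
                findings.append((key, "password file missing or unreadable"))
                continue
            # Any group/other permission bit means the file is not tightly guarded.
            if mode & (stat.S_IRWXG | stat.S_IRWXO):
                findings.append((key, "password file accessible to group/other"))
    return sorted(findings)

if __name__ == "__main__":
    import tempfile
    # Constructed sample: one inline password, one external file with loose mode.
    with tempfile.NamedTemporaryFile("w", suffix=".pw") as pw:
        os.chmod(pw.name, 0o644)
        sample = (
            "a1.sources.r1.type = avro\n"
            "a1.sources.r1.keystore-password = changeit\n"
            f"a1.sources.r2.passwordFile = {pw.name}\n"
            "a1.sources.r2.passwordFileType = AES\n"
        )
        for key, finding in audit(sample):
            print(f"{key}: {finding}")
```

The check applies equally when `passwordFileType` is `AES`, since the message describes that mode as obfuscation with a default key, so file permissions remain the control that protects the password.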
