[
https://issues.apache.org/jira/browse/GOBBLIN-444?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Hung Tran resolved GOBBLIN-444.
-------------------------------
Resolution: Fixed
Fix Version/s: 0.13.0
Issue resolved by pull request #2318
[https://github.com/apache/incubator-gobblin/pull/2318]
> Add support to rotate master keys for encryption/decryption
> -----------------------------------------------------------
>
> Key: GOBBLIN-444
> URL: https://issues.apache.org/jira/browse/GOBBLIN-444
> Project: Apache Gobblin
> Issue Type: Wish
> Reporter: Arjun Singh Bora
> Assignee: Arjun Singh Bora
> Priority: Major
> Fix For: 0.13.0
>
>
> Currently, PasswordManager uses only a single key for encryption/decryption.
> When we want to replace this master key and new encrypted passwords (using
> this new master key), jobs can fail because of the following issues :
> 1) deployment of master key and deployment of encrypted passwords may have
> some time gap.
> 2) old master key/passwords might still be in the system (e.g. kafka) waiting
> to be processed and might get processed with new passwords/key.
>
> Though, (1) can be tackled by shutting down all the services and started only
> after all components have been deployed, it is not desired to have shutdown.
> (2) cannot be tackled even by shutdown.
>
> This calls for the decryptor to be able to try decryption with old key if
> decryption failed with the new key.
>
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
