[ https://issues.apache.org/jira/browse/KAFKA-2629?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14958025#comment-14958025 ]
Ashish K Singh commented on KAFKA-2629: --------------------------------------- [~sriharsha] I am proposing this as an optional config only. The default behavior can remain unchanged. As far as relevance of the proposed way to make application more secure is concerned, I think there has been quite a bit of discussion above and one can argue in favor or against it. The idea is just to enable users, and there are quite a bit of such users, to be able to plugin there preferred way of passing SSL passwords. I hope that is a reasonable ask. > Enable getting SSL password from an executable rather than passing plaintext > password > ------------------------------------------------------------------------------------- > > Key: KAFKA-2629 > URL: https://issues.apache.org/jira/browse/KAFKA-2629 > Project: Kafka > Issue Type: Improvement > Components: security > Affects Versions: 0.9.0.0 > Reporter: Ashish K Singh > Assignee: Ashish K Singh > > Currently there are a couple of options to pass SSL passwords to Kafka, i.e., > via properties file or via command line argument. Both of these are not > recommended security practices. > * A password on a command line is a no-no: it's trivial to see that password > just by using the 'ps' utility. > * Putting a password into a file, and then passing the location to that file, > is the next best option. The access to the file will be governed by unix > access permissions which we all know and love. The downside is that the > password is still just sitting there in a file, and those who have access can > still see it trivially. > * The most general, secure solution is to provide a layer of abstraction: > provide functionality to get the password from "somewhere else". The most > flexible and generic way to do this is to simply call an executable which > returns the desired password. > ** The executable is again protected with normal file system privileges > ** The simplest form, a script that looks like "echo 'my-password'", devolves > back to putting the password in a file > ** A more interesting implementation could open up a local encrypted password > store and extract the password from it > ** A maximally secure implementation could contact an external secret manager > with centralized control and audit functionality. > ** In short: getting the password as the output of a script/executable is > maximally generic and enables both simple and complex use cases. > This JIRA intend to add a config param to enable passing an executable to > Kafka for SSL passwords. -- This message was sent by Atlassian JIRA (v6.3.4#6332)