[jira] [Work logged] (ARTEMIS-3794) "org.apache.activemq.ssl.keyStorePassword" and "org.apache.activemq.ssl.trustStorePassword" system properties should support ENC(...) format

Thu, 15 Dec 2022 10:48:03 -0800 


     [ 
https://issues.apache.org/jira/browse/ARTEMIS-3794?focusedWorklogId=833938&page=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-833938
 ]

ASF GitHub Bot logged work on ARTEMIS-3794:
-------------------------------------------

                Author: ASF GitHub Bot
            Created on: 15/Dec/22 18:47
            Start Date: 15/Dec/22 18:47
    Worklog Time Spent: 10m 
      Work Description: ryan-highley commented on PR #4135:
URL: 
https://github.com/apache/activemq-artemis/pull/4135#issuecomment-1353551365

   > @ryan-highley, I'm not really in favor of a "useMaskedPassword" property. 
We've deprecated this style of configuration in recent years and consolidated 
on the `ENC()` syntax which can be automatically detected.
   
   Agree wholeheartedly!
   
   The parameter-based approach is documented as being deprecated, and I'm 
perfectly happy to remove its support with the system properties here. I 
included the system property solely for "principle of least surprise" since 
elsewhere the "useMaskedPassword" configurations do still work for backwards 
compatibility.
   
   I'll remove the system property and gladly clean up the associated 
extraneous unit tests!
   




Issue Time Tracking
-------------------

    Worklog Id:     (was: 833938)
    Time Spent: 3h 10m  (was: 3h)

> "org.apache.activemq.ssl.keyStorePassword" and 
> "org.apache.activemq.ssl.trustStorePassword" system properties should support 
> ENC(...) format
> --------------------------------------------------------------------------------------------------------------------------------------------
>
>                 Key: ARTEMIS-3794
>                 URL: https://issues.apache.org/jira/browse/ARTEMIS-3794
>             Project: ActiveMQ Artemis
>          Issue Type: Bug
>          Components: Configuration
>    Affects Versions: 2.19.1
>            Reporter: Apache Dev
>            Priority: Major
>          Time Spent: 3h 10m
>  Remaining Estimate: 0h
>
> In order to set client keyStore/trustStore passwords, overriding those 
> obtained by topology updates from brokers (see ARTEMIS-1157), we need to set 
> system properties.
> Such properties could be logged in traces or be present in dumps.
> It would be a more secure practice to handle ENC(...) format to mask them.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

Reply via email to