[jira] [Commented] (AMBARI-22571) Handle passwords/sensitive data in Ambari configuration properties

Fri, 01 Dec 2017 13:38:25 -0800 

    [ 
https://issues.apache.org/jira/browse/AMBARI-22571?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16275024#comment-16275024
 ] 

Robert Levas commented on AMBARI-22571:
---------------------------------------

[~smolnar]

*When you say 'hide' do you mean replacing the content with * characters let's 
say or do you mean to actually not show (cut out) that name/value pair?*
Good question. If the property is excluded, the consumer may assume the 
property was not set.  If the property is masked, the consumer may consider the 
masked value as the _real_ value. 
Maybe the solution is to provide metadata with the property set.  I believe 
that there is some logic like this related to service-level configurations, but 
I am not entirely sure how this is done. 

[~u39kun], [~akovalenko] can you help with how the front end handle hiding 
passwords now?


*What kind of data do we consider sensitive? Only passwords? If not, could you 
please give me a hint?*
For starters it would be passwords, but ideally the solution would allow any 
Ambari-level property to be _flagged_ as being sensitive. 


*Is it a valid assumption that we do want to do this on any level (i.e. we hide 
passwords on all layers for any services)?*
As mentioned above, there is already some mechanism that helps to secure 
sensitive data for service-level configs.  Ambari-level configurations is new 
concept created to support moving Ambari configurations from the 
ambari.properties file into the database. 





> Handle passwords/sensitive data in Ambari configuration properties
> ------------------------------------------------------------------
>
>                 Key: AMBARI-22571
>                 URL: https://issues.apache.org/jira/browse/AMBARI-22571
>             Project: Ambari
>          Issue Type: Task
>          Components: ambari-server
>            Reporter: Sandor Molnar
>            Assignee: Sandor Molnar
>            Priority: Minor
>              Labels: config, security
>             Fix For: trunk
>
>
> Passwords and other sensitive data stored as values to properties in Ambari 
> configurations need to be masked or not stored in cleartext.
> For example, 
> {{ldap-configuration/ambari.ldap.connectivity.trust_store.password}} and 
> ldap-{{configuration/ambari.ldap.connectivity.bind_password}}.
> If the Ambari credential store is enabled (which might be by default as of 
> Ambari 3.0.0), the sensitive date can be stored there like we do when 
> sensitive data is to be stored in the ambari.properties file - see 
> {{org.apache.ambari.server.security.encryption.CredentialStoreService}}.



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)

Reply via email to