[
https://issues.apache.org/jira/browse/AMBARI-24742?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Sandor Molnar resolved AMBARI-24742.
------------------------------------
Resolution: Fixed
> Sensitive service configuration values should be encrypted in the Ambari
> server DB, if enabled
> ----------------------------------------------------------------------------------------------
>
> Key: AMBARI-24742
> URL: https://issues.apache.org/jira/browse/AMBARI-24742
> Project: Ambari
> Issue Type: Bug
> Components: ambari-server
> Affects Versions: 2.8.0
> Reporter: Sandor Molnar
> Assignee: Sandor Molnar
> Priority: Blocker
> Labels: pull-request-available
> Fix For: 2.8.0
>
> Time Spent: 12h
> Remaining Estimate: 0h
>
> Sensitive service configuration values should be encrypted in the Ambari
> server DB, if enabled.
> Sensitive service configuration values are defined by a service's
> configuration metadata. Properties are defined in XML files under the
> service's definition directory and contain attributes that Ambari may use to
> determine whether they should be encrypted or not.
> Currently, Ambari uses the {{property-type}} attribute to determine the type
> of property. If the value of this attribute is "PASSWORD", than the value is
> considered sensitive and should be encrypted.
> {code:java|title=Example: This password field is to be encrypted, implicitly}
> <property>
> <name>ssl.server.truststore.password</name>
> <value>bigdata</value>
> <property-type>PASSWORD</property-type>
> <description>Password to open the trust store file.</description>
> <value-attributes>
> <type>password</type>
> </value-attributes>
> <on-ambari-upgrade add="false"/>
> </property>
> {code}
> Using this information, _if this feature is enabled_, the Ambari server
> should encrypt sensitive values before storing them in the database. Values
> should be encrypted within the container they are stored. For example, Ambari
> stores configurations as JSON documents. Before writing these JSON documents
> to the database, the Ambari server should process each name/value pair and
> encrypt only those that are deemed sensitive.
> The Ambari server should encrypt sensitive configuration values if the
> following has been met:
> * A master key has been setup using the "ambari-server setup-security" CLI
> (using option #2 - Encrypt passwords stored in ambari.properties file)
> * The Ambari server configuration property named
> "{{server.security.encrypt_sensitive_data}}" is set to "true"
> If encrypting sensitive data:
> * the value should be encrypted using a secure symmetric key encryption
> algorithm. For example AES - [https://aesencryption.net/].
> * the encryption key should be the previously set master key, or some
> reproducible encoding of it.
> * the encrypted bytes should be converted to a hex string
> * the value should be stored in the relevant JSON document suck that that
> the value is declared as encrypted.
> ** for example:
> {noformat}
> "password" : "${enc=aes265_hex, value=5248...303d}"{noformat}
> ** this is needed in the event {{server.security.encrypt_sensitive_data}} is
> changed to false, but there are still encrypted values in the database.
> Encrypted data needs to be decrypted before being used or returned via the
> REST API. The data may be re-encrypted depending on use. For example, when
> being sent to an Ambari agent.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
