[jira] [Created] (AMBARI-25043) Sensitive Ambari configuration values should be encrypted in the Ambari server DB, if enabled

Thu, 13 Dec 2018 06:37:18 -0800 

Sandor Molnar created AMBARI-25043:
--------------------------------------

             Summary: Sensitive Ambari configuration values should be encrypted 
in the Ambari server DB, if enabled
                 Key: AMBARI-25043
                 URL: https://issues.apache.org/jira/browse/AMBARI-25043
             Project: Ambari
          Issue Type: Bug
          Components: ambari-server
    Affects Versions: 2.8.0
            Reporter: Sandor Molnar
            Assignee: Sandor Molnar
             Fix For: 2.8.0


Sensitive Ambari configuration values should be encrypted in the Ambari server 
DB, if enabled.

Ambari configuration value types are defined in 
{{org.apache.ambari.server.configuration.AmbariServerConfigurationKey}}. 
Sensitive properties have property type of 
{{org.apache.ambari.server.configuration.ConfigurationPropertyType#PASSWORD}}.

Using this information, _if this feature is enabled_, the Ambari server should 
encrypt sensitive values before storing them in the {{ambari_configuration}} 
table in the Ambari DB.

The Ambari server should encrypt sensitive configuration values if the 
following has been met:
 * A master key has been setup using the "ambari-server setup-security" CLI 
(using option #2 - Encrypt passwords stored in ambari.properties file)
 * The Ambari server configuration property named 
"{{security.server.encrypt_sensitive_data}}" is set to "true"

If encrypting sensitive data:
 * the value should be encrypted using a secure symmetric key encryption 
algorithm. For example AES - [https://aesencryption.net/].
 * the encryption key should be the previously set master key, or some 
reproducible encoding of it.
 * the encrypted bytes should be converted to a hex string
 * the value should be stored in the relevant field such that the value is 
declared as encrypted.
 ** for example:
{noformat}
"password" : "${enc=aes256_base64, value=5248...303d}"{noformat}

 ** this is needed in the event {{server.security.encrypt_sensitive_data}} is 
changed to false, but there are still encrypted values in the database.

Encrypted data needs to be decrypted before being used or returned via the REST 
API. The data may be re-encrypted depending on use.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

Reply via email to