[
https://issues.apache.org/jira/browse/FLINK-23568?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17696965#comment-17696965
]
Adrian Vasiliu commented on FLINK-23568:
----------------------------------------
No feedback on this issue which is critical for production-grade usages of
Flink?
AFAIK this still holds similarly with Flink 1.16/1.17.
> Plaintext Java Keystore Password Risks in the flink-conf.yaml File
> ------------------------------------------------------------------
>
> Key: FLINK-23568
> URL: https://issues.apache.org/jira/browse/FLINK-23568
> Project: Flink
> Issue Type: Improvement
> Components: Runtime / Configuration
> Affects Versions: 1.11.3
> Reporter: Hui Wang
> Priority: Major
>
> When REST SSL is enabled, the plaintext password of the Java keystore needs
> to be configured in the flink-conf.yaml configuration of Flink, which poses
> great security risks. It is hoped that the community can provide the
> capability of encrypting and storing passwords in the flink-conf.yaml file.
>
> {code:java}
> security.ssl.internal.keystore-password: keystore_password
> security.ssl.internal.key-password: key_password
> security.ssl.internal.truststore-password: truststore_password{code}
>
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
