Re: [DISCUSS] KIP-395: Encypt-then-MAC Delegation token metadata

2019-01-07 Thread Attila Sasvári
Manikumar, Satish.

Thanks for the review! As I understand, you are not in favor of this KIP, and I do agree that having a pluggable mechanism for sensitive data / metadata is preferable/more future-proof.

On Wed, Dec 12, 2018 at 8:12 AM Satish Duggana wrote:
> Agree with Manikumar on having plug

Re: [DISCUSS] KIP-395: Encypt-then-MAC Delegation token metadata

2018-12-11 Thread Satish Duggana
Agree with Manikumar on having pluggable mechanism for entities required/created for delegation token mechanism. I will cover that as part of KAFKA-7694.

Thanks,
Satish.

On Tue, Dec 11, 2018 at 12:35 PM Manikumar wrote:
>
> Hi,
>
> Thanks for the KIP.
>
> Currently, master/secret key is stored as

Re: [DISCUSS] KIP-395: Encypt-then-MAC Delegation token metadata

2018-12-10 Thread Manikumar
Hi,

Thanks for the KIP.

Currently, master/secret key is stored as plain text in server.properties config file. Using master secret key as shared secret is again a security risk. We have raised KAFKA-7694 to implement a ZooKeeper based master/secret key management to automate secret key rotation.

[DISCUSS] KIP-395: Encypt-then-MAC Delegation token metadata

2018-12-01 Thread Attila Sasvári
Hi All,

I have a proposal to allow Kafka brokers to encrypt sensitive metadata information about delegation tokens. As of now, delegation token metadata is stored in an unencrypted format in ZooKeeper. Having the possibility to encrypt-then-MAC token information would be beneficial in Kafka insta