Ashish K Singh created KAFKA-2629:
-------------------------------------

             Summary: Enable getting SSL password from an executable rather 
than passing plaintext password
                 Key: KAFKA-2629
                 URL: https://issues.apache.org/jira/browse/KAFKA-2629
             Project: Kafka
          Issue Type: Improvement
          Components: security
    Affects Versions: 0.9.0.0
            Reporter: Ashish K Singh
            Assignee: Ashish K Singh


Currently there are a couple of options to pass SSL passwords to Kafka, i.e., 
via a properties file or via a command line argument. Neither of these is a 
recommended security practice.

* A password on a command line is a no-no: it's trivial to see that password 
just by using the 'ps' utility.
* Putting a password into a file, and then passing the location to that file, 
is the next best option. The access to the file will be governed by unix access 
permissions which we all know and love. The downside is that the password is 
still just sitting there in a file, and those who have access can still see it 
trivially.
* The most general, secure solution is to provide a layer of abstraction: 
provide functionality to get the password from "somewhere else".  The most 
flexible and generic way to do this is to simply call an executable which 
returns the desired password. 
** The executable is again protected with normal file system privileges
** The simplest form, a script that looks like "echo 'my-password'", devolves 
back to putting the password in a file
** A more interesting implementation could open up a local encrypted password 
store and extract the password from it
** A maximally secure implementation could contact an external secret manager 
with centralized control and audit functionality.
** In short: getting the password as the output of a script/executable is 
maximally generic and enables both simple and complex use cases.

This JIRA intends to add a config param to enable passing an executable to Kafka 
for SSL passwords.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
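A sketch of the resolution logic the ticket proposes, written here as an added Python example; it is not Kafka code (which is Java/Scala) and not the reporter's own implementation. The property name `ssl.key.password.command` is an assumption: the ticket proposes a new config parameter but does not name it, and `ssl.key.password` is the existing plaintext property it would sit beside. The scripts it runs are constructed stand-ins for a real secret-store lookup: one is the degenerate `echo 'my-password'` case from the ticket, one is world-writable (which a loader should refuse, since anyone on the box could swap the secret), and one fails the way an unreachable secret manager would.

```python
import os
import stat
import subprocess
import tempfile
from typing import Dict, Optional

# Assumed property name; the ticket does not fix one. "<key>.command" is
# resolved by executing the named file and reading the password from its stdout.
COMMAND_KEY_SUFFIX = ".command"


class PasswordCommandError(RuntimeError):
    """Raised when the password executable cannot be trusted or run."""


def check_executable(path: str) -> None:
    """Refuse to run anything an unprivileged third party could have modified.

    The executable is only as trustworthy as its file permissions (the ticket's
    point), so check them before running it instead of relying on the caller.
    """
    if not os.path.isabs(path):
        raise PasswordCommandError(f"{path}: must be an absolute path")
    st = os.stat(path)
    if not stat.S_ISREG(st.st_mode):
        raise PasswordCommandError(f"{path}: not a regular file")
    if st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
        raise PasswordCommandError(f"{path}: group- or world-writable")
    if st.st_uid not in (0, os.geteuid()):
        raise PasswordCommandError(f"{path}: owned by uid {st.st_uid}, not root or us")
    if not os.access(path, os.X_OK):
        raise PasswordCommandError(f"{path}: not executable")


def run_password_command(path: str, timeout: float = 10.0) -> str:
    """Execute `path` with no arguments and return the first line of its stdout."""
    check_executable(path)
    # argv form, no shell, no stdin, minimal environment: nothing is interpolated
    # and the password never appears on a command line where `ps` could see it.
    proc = subprocess.run(
        [path],
        stdin=subprocess.DEVNULL,
        stdout=subprocess.PIPE,
        stderr=subprocess.PIPE,
        env={"PATH": "/usr/bin:/bin"},
        timeout=timeout,
        check=False,
    )
    if proc.returncode != 0:
        err = proc.stderr.decode("utf-8", errors="replace").strip()
        raise PasswordCommandError(f"{path}: exit status {proc.returncode}: {err}")
    # Take the first line only and drop the trailing newline that echo and most
    # CLI secret tools append; otherwise the keystore password silently gains a "\n".
    secret = proc.stdout.decode("utf-8").split("\n", 1)[0].rstrip("\r")
    if not secret:
        raise PasswordCommandError(f"{path}: produced no output")
    return secret


def resolve_ssl_password(props: Dict[str, str], key: str) -> Optional[str]:
    """Resolve `key` (e.g. ssl.key.password): "<key>.command" wins over the plaintext value."""
    command = props.get(key + COMMAND_KEY_SUFFIX)
    if command:
        return run_password_command(command)
    return props.get(key)


def write_script(body: str, mode: int = 0o700) -> str:
    """Write a constructed /bin/sh script to a temp file and return its absolute path."""
    fd, path = tempfile.mkstemp(prefix="kafka-pw-", suffix=".sh")
    with os.fdopen(fd, "w") as f:
        f.write("#!/bin/sh\n" + body + "\n")
    os.chmod(path, mode)
    return path


def demo() -> Dict[str, str]:
    """Run the loader against constructed scripts and report what each case yields."""
    good = write_script("echo 'my-password'")                       # the ticket's degenerate case
    loose = write_script("echo 'swapped'", mode=0o777)              # world-writable: anyone can edit it
    failing = write_script("echo 'secret manager unreachable' >&2; exit 1")
    results: Dict[str, str] = {}
    try:
        results["command"] = resolve_ssl_password({"ssl.key.password.command": good}, "ssl.key.password")
        results["plaintext"] = resolve_ssl_password({"ssl.key.password": "from-file"}, "ssl.key.password")
        for name, path in (("world_writable", loose), ("nonzero_exit", failing)):
            try:
                resolve_ssl_password({"ssl.key.password.command": path}, "ssl.key.password")
                results[name] = "accepted"
            except PasswordCommandError as exc:
                results[name] = "rejected: " + str(exc)
    finally:
        for p in (good, loose, failing):
            os.unlink(p)
    return results


if __name__ == "__main__":
    for case, outcome in demo().items():
        print(f"{case}: {outcome}")
```

The permission checks are the part worth keeping whatever the final config name turns out to be: a command-based password source moves the trust from the contents of a file to the right to modify an executable, so a loader that runs a group- or world-writable script has made things worse, not better, than the plaintext property it replaces.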
