[
https://issues.apache.org/jira/browse/ZOOKEEPER-4396?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17427965#comment-17427965
]
Li Wang edited comment on ZOOKEEPER-4396 at 10/13/21, 12:26 AM:
----------------------------------------------------------------
The follow four properties can be added:
ssl.keyStore.passwordPath
ssl.quorum.keyStore.passwordPath
ssl.trustStore.passwordPath
ssl.quorum.trustStore.passwordPath
Specifies the file path that contains the key/trust store password. Reading the
password from a file takes precedence over the explicit password property.
Please let me know if you have any thoughts on this. I can submit a PR for it.
was (Author: liwang):
The follow four properties will be added:
ssl.keyStore.passwordPath
ssl.quorum.keyStore.passwordPath
ssl.trustStore.passwordPath
ssl.quorum.trustStore.passwordPath
Specifies the file path that contains the key/trust store password. Reading the
password from a file takes precedence over the explicit password property.
> read Key/trust store password from file
> ---------------------------------------
>
> Key: ZOOKEEPER-4396
> URL: https://issues.apache.org/jira/browse/ZOOKEEPER-4396
> Project: ZooKeeper
> Issue Type: Improvement
> Components: security
> Affects Versions: 3.8.0, 3.7.1
> Reporter: Li Wang
> Priority: Major
> Fix For: 3.8.0, 3.7.1
>
>
> Key/trust store password is currently specified as plain text via system
> property or config property. To avoid exposing passwords as plain text and
> reduce security vulnerability, it would be great if zookeeper can read the
> password from a file that is protected with restricted permissions.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
