You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@kafka.apache.org by "Mickael Maison (Jira)" <ji...@apache.org> on 2023/03/20 09:54:00 UTC

[jira] [Created] (KAFKA-14822) Allow restricting File and Directory ConfigProviders to specific paths

Mickael Maison created KAFKA-14822:
--------------------------------------

             Summary: Allow restricting File and Directory ConfigProviders to specific paths
                 Key: KAFKA-14822
                 URL: https://issues.apache.org/jira/browse/KAFKA-14822
             Project: Kafka
          Issue Type: Improvement
            Reporter: Mickael Maison
            Assignee: Mickael Maison


In sensitive environments, it would be interesting to be able to restrict the files that can be accessed by the built-in configuration providers.

For example:
config.providers=directory
config.providers.directory.class=org.apache.kafka.connect.configs.DirectoryConfigProvider
config.providers.directory.path=/var/run

Then if a caller tries to access another path, for example
ssl.keystore.password=${directory:/etc/passwd:keystore-password}
it would be rejected.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)