You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@kafka.apache.org by ashish sood <as...@gmail.com> on 2020/06/01 23:42:11 UTC
Using encrypted distributed worker file
Hi All,
I am running a distributed worker that connects to a Kafka infrastructure
over TLS and Scram authentication. In addition to this, the RESTAPI
interface is also secured with userid/password authentication. Hence my
config has a a lot of passwords (keystore,trust store , jaas config etc)
Currently, I am storing the distributed worker config file in encrypted
mode on server and have configured a script to decrypt the file and start
the worker process.Post starting the process the decrypted file is deleted.
Is there a more cleaner way of doing this? A better way of running
distributed worker while ensuring the distributed worker config file does
not expose the sensitive passwords
Regards
Ashish Sood
Re: Using encrypted distributed worker file
Posted by Tom Bentley <tb...@redhat.com>.
Hi Ashish,
KIP-297[1] added support for "config providers", which allow a config file
to have an indirect reference to secrets stored elsewhere. While it doesn't
sound like the provided FileConfigProvider would be suitable for your
needs, you could provide your own ConfigProvider to implement a secret
distribution mechanism of your choice. FWIW KIP-421[2] extended config
providers to basically every other config in Kafka.
Hope that helps.
Tom
[1]:
https://cwiki.apache.org/confluence/display/KAFKA/KIP-297%3A+Externalizing+Secrets+for+Connect+Configurations
[2]:
https://cwiki.apache.org/confluence/pages/viewpage.action?pageId=100829515
On Fri, Jun 12, 2020 at 6:36 PM ashish sood <as...@gmail.com> wrote:
> Hi Team,
>
> Any help would be greatly appreciated.
>
> I am looking forward to a way where I can store the passwords in
> encrypted/hashed format on the distributed worker properties file.
>
> Regards
> Ashish Sood
>
> On Tue, Jun 2, 2020 at 12:42 AM ashish sood <as...@gmail.com> wrote:
>
> > Hi All,
> >
> > I am running a distributed worker that connects to a Kafka infrastructure
> > over TLS and Scram authentication. In addition to this, the RESTAPI
> > interface is also secured with userid/password authentication. Hence my
> > config has a a lot of passwords (keystore,trust store , jaas config etc)
> >
> > Currently, I am storing the distributed worker config file in encrypted
> > mode on server and have configured a script to decrypt the file and start
> > the worker process.Post starting the process the decrypted file is
> deleted.
> >
> > Is there a more cleaner way of doing this? A better way of running
> > distributed worker while ensuring the distributed worker config file does
> > not expose the sensitive passwords
> >
> > Regards
> > Ashish Sood
> >
>
Re: Using encrypted distributed worker file
Posted by ashish sood <as...@gmail.com>.
Hi Team,
Any help would be greatly appreciated.
I am looking forward to a way where I can store the passwords in
encrypted/hashed format on the distributed worker properties file.
Regards
Ashish Sood
On Tue, Jun 2, 2020 at 12:42 AM ashish sood <as...@gmail.com> wrote:
> Hi All,
>
> I am running a distributed worker that connects to a Kafka infrastructure
> over TLS and Scram authentication. In addition to this, the RESTAPI
> interface is also secured with userid/password authentication. Hence my
> config has a a lot of passwords (keystore,trust store , jaas config etc)
>
> Currently, I am storing the distributed worker config file in encrypted
> mode on server and have configured a script to decrypt the file and start
> the worker process.Post starting the process the decrypted file is deleted.
>
> Is there a more cleaner way of doing this? A better way of running
> distributed worker while ensuring the distributed worker config file does
> not expose the sensitive passwords
>
> Regards
> Ashish Sood
>