You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@logging.apache.org by "Remko Popma (JIRA)" <ji...@apache.org> on 2017/09/23 16:23:01 UTC
[jira] [Created] (LOG4J2-2054) Provide alternative to configuring
SecureSocketAppender to avoid plain-text passwords in config
Remko Popma created LOG4J2-2054:
-----------------------------------
Summary: Provide alternative to configuring SecureSocketAppender to avoid plain-text passwords in config
Key: LOG4J2-2054
URL: https://issues.apache.org/jira/browse/LOG4J2-2054
Project: Log4j 2
Issue Type: Improvement
Components: Appenders
Affects Versions: 2.9.1
Reporter: Remko Popma
Assignee: Remko Popma
Fix For: 2.10.0
Following up on LOG4J2-1896, currently SecureSocketAppender can only be configured by specifying the passwords to the trust store and the key store in plain text in the log4j 2 configuration file.
Provide alternative configurations that obtain the password from different sources, for example:
* system environment variable
* file
Example configuration:
{noformat}
<Appenders>
<Socket name="socket" host="localhost" port="${sys:SecureSocketAppenderSocketOptionsTest.port}" protocol="SSL"
ignoreExceptions="false">
<JsonLayout properties="true"/>
<SocketOptions keepAlive="false" receiveBufferSize="10000" reuseAddress="false" rfc1349TrafficClass="IPTOS_LOWCOST"
sendBufferSize="8000" soLinger="12345" soTimeout="54321" tcpNoDelay="false">
<SocketPerformancePreferences bandwidth="100" connectionTime="100" latency="100" />
</SocketOptions>
<Ssl>
<KeyStore location="src/test/resources/org/apache/logging/log4j/core/net/ssl/client.log4j2-keystore.jks"
passwordEnvironmentVariable="KEYSTORE_PASSWORD" type="JKS" />
<TrustStore location="src/test/resources/org/apache/logging/log4j/core/net/ssl/truststore.jks"
passwordFile="${sys:user.home}/truststore.pwd" type="JKS" />
</Ssl>
</Socket>
</Appenders>
{noformat}
--
This message was sent by Atlassian JIRA
(v6.4.14#64029)