Posted to dev@zeppelin.apache.org by herval <gi...@git.apache.org> on 2017/09/25 19:35:48 UTC

[GitHub] zeppelin pull request #2599: [ZEPPELIN-2952] encrypt credentials.json with A...

GitHub user herval opened a pull request:

    https://github.com/apache/zeppelin/pull/2599

    [ZEPPELIN-2952] encrypt credentials.json with AES

    ### What is this PR for?
    Support encrypting passwords using a private key
    
    ### What type of PR is it?
    Improvement
    
    ### What is the Jira issue?
    https://issues.apache.org/jira/browse/ZEPPELIN-2952
    
    ### How should this be tested?
    - Set the env variable `ZEPPELIN_CREDENTIALS_ENCRYPT_KEY=something`
    - Save a few credentials
    - Check that the `credentials.json` file is storing encrypted passwords
    - Restart server using the same env variable for `ZEPPELIN_CREDENTIALS_ENCRYPT_KEY`
    - The credentials should still be decryptable
    
    ### Questions:
    * Do the license files need an update?
    No
    
    * Are there breaking changes for older versions?
    No
    
    * Does this need documentation?
    Yes


You can merge this pull request into a Git repository by running:

    $ git pull https://github.com/herval/zeppelin encrypt-credentials

Alternatively you can review and apply these changes as the patch at:

    https://github.com/apache/zeppelin/pull/2599.patch

To close this pull request, make a commit to your master/trunk branch
with (at least) the following in the commit message:

    This closes #2599
    
----
commit c3e0ead0a4ba18d1131ffa008858593030b4776a
Author: Herval Freire <hf...@twitter.com>
Date:   2017-08-04T17:51:37Z

    encrypt credentials.json with AES

----


---

[GitHub] zeppelin issue #2599: [ZEPPELIN-2952] encrypt credentials.json with AES

Posted by herval <gi...@git.apache.org>.
Github user herval commented on the issue:

    https://github.com/apache/zeppelin/pull/2599
  
    done :)


---

[GitHub] zeppelin pull request #2599: [ZEPPELIN-2952] encrypt credentials.json with A...

Posted by asfgit <gi...@git.apache.org>.
Github user asfgit closed the pull request at:

    https://github.com/apache/zeppelin/pull/2599


---

[GitHub] zeppelin issue #2599: [ZEPPELIN-2952] encrypt credentials.json with AES

Posted by Leemoonsoo <gi...@git.apache.org>.
Github user Leemoonsoo commented on the issue:

    https://github.com/apache/zeppelin/pull/2599
  
    Thanks! LGTM and merge to master if no further comments.


---

[GitHub] zeppelin issue #2599: [ZEPPELIN-2952] encrypt credentials.json with AES

Posted by Leemoonsoo <gi...@git.apache.org>.
Github user Leemoonsoo commented on the issue:

    https://github.com/apache/zeppelin/pull/2599
  
    One CI failure https://travis-ci.org/herval/zeppelin/jobs/283036367 is the license check, and it looks like `zeppelin-interpreter/src/main/java/org/apache/zeppelin/user/Encryptor.java` is missing the Apache license header at the beginning of the file.
    
    @herval do you mind adding the license header to this file?
    
    The other CI failure looks unrelated, so this looks good to me except for the license header.


---

[GitHub] zeppelin issue #2599: [ZEPPELIN-2952] encrypt credentials.json with AES

Posted by Leemoonsoo <gi...@git.apache.org>.
Github user Leemoonsoo commented on the issue:

    https://github.com/apache/zeppelin/pull/2599
  
    Thanks @herval for the contribution!!
    
    I tried this branch and have some feedback.
    
    #### Document
    I was able to create an encryption key with the following command.
    ```
    openssl enc -aes-128-cbc -k secret -P -md sha1
    ```
    I'm not sure whether it's the preferred way or whether there's a better way to create a key.
    Anyway, it'll be easier to use if we can document this new environment variable, along with how to generate a key, in `/docs/setup/operation/configuration.md`.
    
    #### Protect AES key
    
    In my understanding, if any user can get both the AES key (in `conf/zeppelin-env.sh`) and `conf/credentials.json`, that user can decrypt the file.
    
    What do you think? Will there be a way to prevent a user from getting both the key and the encrypted file?
    



---
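
The concern in the last comment, that anyone who can read both `conf/zeppelin-env.sh` and `conf/credentials.json` can decrypt the stored passwords, can be checked from the file modes. The following is an added example, not part of the thread or of Zeppelin; the function names are hypothetical, and it inspects only permission bits and group ownership of the two files.

```sh
#!/bin/sh
# Added example, not Zeppelin code. Assumes the layout named in the thread:
# CONF_DIR/zeppelin-env.sh sets ZEPPELIN_CREDENTIALS_ENCRYPT_KEY and
# CONF_DIR/credentials.json holds the encrypted passwords.

# readable_by CLASS FILE: succeeds if CLASS (group|other) has the read bit on FILE.
readable_by() {
    case "$1" in
        group) bit=-040 ;;
        other) bit=-004 ;;
        *) return 2 ;;
    esac
    [ -n "$(find "$2" -prune -perm "$bit" 2>/dev/null)" ]
}

# gid_of FILE: numeric group owner, taken from POSIX `ls -n` output.
gid_of() { ls -ldn "$1" | awk '{print $4}'; }

# audit_zeppelin_conf CONF_DIR
# Returns 0 = no finding, 1 = key and ciphertext readable together, 2 = file missing.
audit_zeppelin_conf() {
    env_file="$1/zeppelin-env.sh"
    cred_file="$1/credentials.json"
    if [ ! -f "$env_file" ] || [ ! -f "$cred_file" ]; then
        echo "missing zeppelin-env.sh or credentials.json in $1" >&2
        return 2
    fi
    # The exposure only applies when the key is stored in the env file itself.
    if ! grep -Eq '^[[:space:]]*(export[[:space:]]+)?ZEPPELIN_CREDENTIALS_ENCRYPT_KEY=' "$env_file"; then
        echo "note: key not set in $env_file; check how it is supplied"
        return 0
    fi
    findings=0
    if readable_by other "$env_file" && readable_by other "$cred_file"; then
        echo "FINDING: 'other' read bit is set on both the key file and credentials.json"
        findings=1
    fi
    # Group access counts only when both files share a group owner; users who
    # belong to two different owning groups are not detected by this check.
    if readable_by group "$env_file" && readable_by group "$cred_file" \
        && [ "$(gid_of "$env_file")" = "$(gid_of "$cred_file")" ]; then
        echo "FINDING: gid $(gid_of "$env_file") can read both the key file and credentials.json"
        findings=1
    fi
    return "$findings"
}
```

Call it as `audit_zeppelin_conf /path/to/zeppelin/conf`; a return status of 1 means the key and the encrypted file are readable by the same group or by other users.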