You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@kafka.apache.org by Dhirendra Singh <dh...@gmail.com> on 2021/06/21 13:25:52 UTC
How to avoid storing password in clear text in server.properties file
Hi All,
I am currently storing various passwords like "ssl.keystore.password",
"ssl.truststore.password", SASL plain user password in cleartext in
server.properties file.
is there any way to store the password in encrypted text ?
i am using kafka version 2.5.0
Re: How to avoid storing password in clear text in server.properties file
Posted by Dhirendra Singh <dh...@gmail.com>.
Thanks Tom !
It worked for me.
such an important feature is missing documentation.
Thanks,
Dhirendra.
On Tue, Jun 22, 2021 at 2:06 PM Tom Bentley <tb...@redhat.com> wrote:
> It was done in KIP-421
> <
> https://cwiki.apache.org/confluence/pages/viewpage.action?pageId=100829515
> >,
> though I guess it's not really documented very well (feel free to open a
> JIRA for that). By default Apache Kafka has a FileConfigProvider and
> DirectoryConfigProvider which both use the local file system. On Kubernetes
> it is possible to use these to access passwords stored in a Kubernetes
> Secret by using a Secret volume mount. It is also possible to implement the
> interface in terms of things like Vault or similar (e.g. see
> https://github.com/jcustenborder/kafka-config-provider-vault or
> https://github.com/provectus/kafka-connect-vault-config-provider).
>
> Kind regards,
>
> Tom
>
> On Tue, Jun 22, 2021 at 2:43 AM Dhirendra Singh <dh...@gmail.com>
> wrote:
>
> > I am using apache kafka. any such feature available in it ?
> >
> > On Mon, Jun 21, 2021 at 7:17 PM Ran Lupovich <ra...@gmail.com>
> > wrote:
> >
> > > Using Confluent Platform you can use feature called Secrets , I am not
> > > familiar with open source solution for this.
> > >
> > > https://docs.confluent.io/platform/current/security/secrets.html
> > >
> > > בתאריך יום ב׳, 21 ביוני 2021, 16:26, מאת Dhirendra Singh <
> > > dhirendraks@gmail.com>:
> > >
> > > > Hi All,
> > > > I am currently storing various passwords like
> "ssl.keystore.password",
> > > > "ssl.truststore.password", SASL plain user password in cleartext in
> > > > server.properties file.
> > > > is there any way to store the password in encrypted text ?
> > > > i am using kafka version 2.5.0
> > > >
> > >
> >
>
Re: How to avoid storing password in clear text in server.properties file
Posted by Tom Bentley <tb...@redhat.com>.
It was done in KIP-421
<https://cwiki.apache.org/confluence/pages/viewpage.action?pageId=100829515>,
though I guess it's not really documented very well (feel free to open a
JIRA for that). By default Apache Kafka has a FileConfigProvider and
DirectoryConfigProvider which both use the local file system. On Kubernetes
it is possible to use these to access passwords stored in a Kubernetes
Secret by using a Secret volume mount. It is also possible to implement the
interface in terms of things like Vault or similar (e.g. see
https://github.com/jcustenborder/kafka-config-provider-vault or
https://github.com/provectus/kafka-connect-vault-config-provider).
Kind regards,
Tom
On Tue, Jun 22, 2021 at 2:43 AM Dhirendra Singh <dh...@gmail.com>
wrote:
> I am using apache kafka. any such feature available in it ?
>
> On Mon, Jun 21, 2021 at 7:17 PM Ran Lupovich <ra...@gmail.com>
> wrote:
>
> > Using Confluent Platform you can use feature called Secrets , I am not
> > familiar with open source solution for this.
> >
> > https://docs.confluent.io/platform/current/security/secrets.html
> >
> > בתאריך יום ב׳, 21 ביוני 2021, 16:26, מאת Dhirendra Singh <
> > dhirendraks@gmail.com>:
> >
> > > Hi All,
> > > I am currently storing various passwords like "ssl.keystore.password",
> > > "ssl.truststore.password", SASL plain user password in cleartext in
> > > server.properties file.
> > > is there any way to store the password in encrypted text ?
> > > i am using kafka version 2.5.0
> > >
> >
>
Re: How to avoid storing password in clear text in server.properties file
Posted by Dhirendra Singh <dh...@gmail.com>.
I am using apache kafka. any such feature available in it ?
On Mon, Jun 21, 2021 at 7:17 PM Ran Lupovich <ra...@gmail.com> wrote:
> Using Confluent Platform you can use feature called Secrets , I am not
> familiar with open source solution for this.
>
> https://docs.confluent.io/platform/current/security/secrets.html
>
> בתאריך יום ב׳, 21 ביוני 2021, 16:26, מאת Dhirendra Singh <
> dhirendraks@gmail.com>:
>
> > Hi All,
> > I am currently storing various passwords like "ssl.keystore.password",
> > "ssl.truststore.password", SASL plain user password in cleartext in
> > server.properties file.
> > is there any way to store the password in encrypted text ?
> > i am using kafka version 2.5.0
> >
>
Re: How to avoid storing password in clear text in server.properties file
Posted by Ran Lupovich <ra...@gmail.com>.
Using Confluent Platform you can use feature called Secrets , I am not
familiar with open source solution for this.
https://docs.confluent.io/platform/current/security/secrets.html
בתאריך יום ב׳, 21 ביוני 2021, 16:26, מאת Dhirendra Singh <
dhirendraks@gmail.com>:
> Hi All,
> I am currently storing various passwords like "ssl.keystore.password",
> "ssl.truststore.password", SASL plain user password in cleartext in
> server.properties file.
> is there any way to store the password in encrypted text ?
> i am using kafka version 2.5.0
>
Re: How to avoid storing password in clear text in server.properties file
Posted by Ryanne Dolan <ry...@gmail.com>.
Take a look at the ConfigProvider interface.
On Mon, Jun 21, 2021, 8:26 AM Dhirendra Singh <dh...@gmail.com> wrote:
> Hi All,
> I am currently storing various passwords like "ssl.keystore.password",
> "ssl.truststore.password", SASL plain user password in cleartext in
> server.properties file.
> is there any way to store the password in encrypted text ?
> i am using kafka version 2.5.0
>