You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@ambari.apache.org by "Sandor Molnar (JIRA)" <ji...@apache.org> on 2018/12/13 14:37:00 UTC

[jira] [Created] (AMBARI-25043) Sensitive Ambari configuration values should be encrypted in the Ambari server DB, if enabled

Sandor Molnar created AMBARI-25043:
--------------------------------------

             Summary: Sensitive Ambari configuration values should be encrypted in the Ambari server DB, if enabled
                 Key: AMBARI-25043
                 URL: https://issues.apache.org/jira/browse/AMBARI-25043
             Project: Ambari
          Issue Type: Bug
          Components: ambari-server
    Affects Versions: 2.8.0
            Reporter: Sandor Molnar
            Assignee: Sandor Molnar
             Fix For: 2.8.0


Sensitive Ambari configuration values should be encrypted in the Ambari server DB, if enabled.

Ambari configuration value types are defined in {{org.apache.ambari.server.configuration.AmbariServerConfigurationKey}}. Sensitive properties have property type of {{org.apache.ambari.server.configuration.ConfigurationPropertyType#PASSWORD}}.

Using this information, _if this feature is enabled_, the Ambari server should encrypt sensitive values before storing them in the {{ambari_configuration}} table in the Ambari DB.

The Ambari server should encrypt sensitive configuration values if the following has been met:
 * A master key has been setup using the "ambari-server setup-security" CLI (using option #2 - Encrypt passwords stored in ambari.properties file)
 * The Ambari server configuration property named "{{security.server.encrypt_sensitive_data}}" is set to "true"

If encrypting sensitive data:
 * the value should be encrypted using a secure symmetric key encryption algorithm. For example AES - [https://aesencryption.net/].
 * the encryption key should be the previously set master key, or some reproducible encoding of it.
 * the encrypted bytes should be converted to a hex string
 * the value should be stored in the relevant field such that the value is declared as encrypted.
 ** for example:
{noformat}
"password" : "${enc=aes256_base64, value=5248...303d}"{noformat}

 ** this is needed in the event {{server.security.encrypt_sensitive_data}} is changed to false, but there are still encrypted values in the database.

Encrypted data needs to be decrypted before being used or returned via the REST API. The data may be re-encrypted depending on use.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)