Posted to dev@logging.apache.org by "Ralph Goers (JIRA)" <ji...@apache.org> on 2017/09/23 21:35:00 UTC

[jira] [Comment Edited] (LOG4J2-2054) Provide alternatives to configuring SecureSocketAppender that avoid plain-text passwords in config

    [ https://issues.apache.org/jira/browse/LOG4J2-2054?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16177982#comment-16177982 ] 

Ralph Goers edited comment on LOG4J2-2054 at 9/23/17 9:34 PM:
--------------------------------------------------------------

FWIW, the FlumeAppender uses an org.apache.logging.log4j.core.util.SecretKeyProvider to allow the user to provide a SecretKey any way they want. That may only be useful for providing an encryption key, but I would suggest using a similar abstraction for userids and/or passwords.


was (Author: ralph.goers@dslextreme.com):
FWIW, the FlumeAppender uses an org.apache.logging.log4j.core.util.SecretKeyProvider to allow the user to provide a SecretKey any way they want.

> Provide alternatives to configuring SecureSocketAppender that avoid plain-text passwords in config
> --------------------------------------------------------------------------------------------------
>
>                 Key: LOG4J2-2054
>                 URL: https://issues.apache.org/jira/browse/LOG4J2-2054
>             Project: Log4j 2
>          Issue Type: Improvement
>          Components: Appenders
>    Affects Versions: 2.9.1
>            Reporter: Remko Popma
>            Assignee: Remko Popma
>             Fix For: 2.10.0
>
>
> Following up on LOG4J2-1896, currently SecureSocketAppender can only be configured by specifying the passwords to the trust store and the key store in plain text in the log4j 2 configuration file.
> Provide alternative configurations that obtain the password from different sources, for example:
> * system environment variable
> * file
> Example configuration:
> {noformat}
>   <Appenders>
>     <Socket name="socket" host="localhost" port="${sys:SecureSocketAppenderSocketOptionsTest.port}" protocol="SSL"
>       ignoreExceptions="false">
>       <JsonLayout properties="true"/>
>       <SocketOptions keepAlive="false" receiveBufferSize="10000" reuseAddress="false" rfc1349TrafficClass="IPTOS_LOWCOST"
>         sendBufferSize="8000" soLinger="12345" soTimeout="54321" tcpNoDelay="false">
>         <SocketPerformancePreferences bandwidth="100" connectionTime="100" latency="100" />
>       </SocketOptions>
>       <Ssl>
>         <KeyStore location="src/test/resources/org/apache/logging/log4j/core/net/ssl/client.log4j2-keystore.jks"
>           passwordEnvironmentVariable="KEYSTORE_PASSWORD" type="JKS" />
>         <TrustStore location="src/test/resources/org/apache/logging/log4j/core/net/ssl/truststore.jks"
>           passwordFile="${sys:user.home}/truststore.pwd" type="JKS" />
>       </Ssl>
>     </Socket>
>   </Appenders>
> {noformat}



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)
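
An added sketch, not part of the JIRA thread and not Log4j's own code, of the kind of password abstraction discussed above: the password comes from an environment variable or a file as a `char[]` and is wiped once the store is loaded. `PasswordSource`, `fromEnv`, `fromFile` and `load` are hypothetical names, and the store and password in `main` are constructed sample values.

```java
import java.io.*;
import java.nio.*;
import java.nio.charset.StandardCharsets;
import java.nio.file.*;
import java.security.*;
import java.util.*;

public class KeyStorePasswordDemo {
    /** Hypothetical abstraction (not a Log4j class): returns a char[] the caller can wipe. */
    interface PasswordSource { char[] getPassword() throws IOException; }
    /** Password from an environment variable such as KEYSTORE_PASSWORD. */
    static PasswordSource fromEnv(String name) {
        return () -> Optional.ofNullable(System.getenv(name))
                .orElseThrow(() -> new IOException("environment variable not set: " + name)).toCharArray();
    }
    /** Password from a file; trailing line terminators are not part of the password. */
    static PasswordSource fromFile(Path file) {
        return () -> {
            byte[] raw = Files.readAllBytes(file);
            CharBuffer chars = StandardCharsets.UTF_8.decode(ByteBuffer.wrap(raw));
            Arrays.fill(raw, (byte) 0); // do not leave the encoded copy behind
            int end = chars.limit();
            while (end > 0 && (chars.get(end - 1) == '\n' || chars.get(end - 1) == '\r')) end--;
            char[] password = new char[end];
            chars.get(password, 0, end);
            return password;
        };
    }
    /** Opens a key store or trust store and wipes the password as soon as load() returns. */
    static KeyStore load(Path path, String type, PasswordSource src) throws IOException, GeneralSecurityException {
        char[] password = src.getPassword();
        try (InputStream in = Files.newInputStream(path)) {
            KeyStore store = KeyStore.getInstance(type);
            store.load(in, password);
            return store;
        } finally {
            Arrays.fill(password, '\0');
        }
    }
    public static void main(String[] args) throws Exception {
        Path dir = Files.createTempDirectory("pwdemo"); // constructed sample data lives here
        Path pwdFile = Files.write(dir.resolve("truststore.pwd"), Arrays.asList("constructed-sample"));
        KeyStore empty = KeyStore.getInstance("JKS");
        empty.load(null, null);
        try (OutputStream out = Files.newOutputStream(dir.resolve("truststore.jks"))) {
            empty.store(out, "constructed-sample".toCharArray());
        }
        System.out.println(load(dir.resolve("truststore.jks"), "JKS", fromFile(pwdFile)).size());
    }
}
```

Either source only moves the secret out of the configuration file: the password file should be readable solely by the account running the application, and an environment variable stays visible to that process and anything it spawns.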