You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@knox.apache.org by Robert Levas <rl...@apache.org> on 2019/03/21 14:07:50 UTC
[DISCUSS] Master Secret synchronization across instances
Team...
I was thinking about taking on the the task of "Master Secret
synchronization across instances", from the "Planning for Apache Knox 1.3.0
Release" email (February 12, 2019). If this is still up for grabs.
Before digging too deep, does anyone have any thoughts on this?
Thanks,
Rob
Re: [DISCUSS] Master Secret synchronization across instances
Posted by Robert Levas <rl...@cloudera.com.INVALID>.
Thanks @Kevin Risden <kr...@apache.org>... I guess we will need @Larry
McCay <lm...@apache.org> to answer that.
Rob
On Thu, Mar 21, 2019 at 10:11 AM Kevin Risden <kr...@apache.org> wrote:
> I guess the first question I have is - is master secret synchronization
> required?
>
> One case where it matters right now is with Zookeeper Remote Alias Service
> since passwords are encrypted with the master secret before being stored.
> Not sure where else the master secret matters and should be in sync.
>
> So I guess a list of why we would need the master secret in sync would be a
> good start.
>
> Kevin Risden
>
>
> On Thu, Mar 21, 2019 at 10:08 AM Robert Levas <rl...@apache.org> wrote:
>
> > Team...
> >
> > I was thinking about taking on the the task of "Master Secret
> > synchronization across instances", from the "Planning for Apache Knox
> 1.3.0
> > Release" email (February 12, 2019). If this is still up for grabs.
> >
> > Before digging too deep, does anyone have any thoughts on this?
> >
> > Thanks,
> >
> > Rob
> >
>
Re: [DISCUSS] Master Secret synchronization across instances
Posted by Kevin Risden <kr...@apache.org>.
I guess the first question I have is - is master secret synchronization
required?
One case where it matters right now is with Zookeeper Remote Alias Service
since passwords are encrypted with the master secret before being stored.
Not sure where else the master secret matters and should be in sync.
So I guess a list of why we would need the master secret in sync would be a
good start.
Kevin Risden
On Thu, Mar 21, 2019 at 10:08 AM Robert Levas <rl...@apache.org> wrote:
> Team...
>
> I was thinking about taking on the the task of "Master Secret
> synchronization across instances", from the "Planning for Apache Knox 1.3.0
> Release" email (February 12, 2019). If this is still up for grabs.
>
> Before digging too deep, does anyone have any thoughts on this?
>
> Thanks,
>
> Rob
>