You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@gobblin.apache.org by "Hung Tran (JIRA)" <ji...@apache.org> on 2018/03/28 00:13:00 UTC
[jira] [Resolved] (GOBBLIN-444) Add support to rotate master keys
for encryption/decryption
[ https://issues.apache.org/jira/browse/GOBBLIN-444?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Hung Tran resolved GOBBLIN-444.
-------------------------------
Resolution: Fixed
Fix Version/s: 0.13.0
Issue resolved by pull request #2318
[https://github.com/apache/incubator-gobblin/pull/2318]
> Add support to rotate master keys for encryption/decryption
> -----------------------------------------------------------
>
> Key: GOBBLIN-444
> URL: https://issues.apache.org/jira/browse/GOBBLIN-444
> Project: Apache Gobblin
> Issue Type: Wish
> Reporter: Arjun Singh Bora
> Assignee: Arjun Singh Bora
> Priority: Major
> Fix For: 0.13.0
>
>
> Currently, PasswordManager uses only a single key for encryption/decryption.
> When we want to replace this master key and new encrypted passwords (using this new master key), jobs can fail because of the following issues :
> 1) deployment of master key and deployment of encrypted passwords may have some time gap.
> 2) old master key/passwords might still be in the system (e.g. kafka) waiting to be processed and might get processed with new passwords/key.
>
> Though, (1) can be tackled by shutting down all the services and started only after all components have been deployed, it is not desired to have shutdown. (2) cannot be tackled even by shutdown.
>
> This calls for the decryptor to be able to try decryption with old key if decryption failed with the new key.
>
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)