You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@kafka.apache.org by "Rajini Sivaram (JIRA)" <ji...@apache.org> on 2016/10/14 09:11:21 UTC

[jira] [Commented] (KAFKA-4294) Allow password file in server.properties to separate 'secrets' from standard configs

    [ https://issues.apache.org/jira/browse/KAFKA-4294?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15574737#comment-15574737 ] 

Rajini Sivaram commented on KAFKA-4294:
---------------------------------------

It may be good to bring this up in KIP-76 discussion:
https://cwiki.apache.org/confluence/display/KAFKA/KIP-76+Enable+getting+password+from+executable+rather+than+passing+as+plaintext+in+config+files

> Allow password file in server.properties to separate 'secrets' from standard configs 
> -------------------------------------------------------------------------------------
>
>                 Key: KAFKA-4294
>                 URL: https://issues.apache.org/jira/browse/KAFKA-4294
>             Project: Kafka
>          Issue Type: Improvement
>            Reporter: Ryan P
>
> Java's keytool(for Windows) allows you to specify the keystore/truststore password with an external file in addition to a string argument. 
> -storepass:file secret.txt
> http://docs.oracle.com/javase/7/docs/technotes/tools/windows/keytool.html
> It would be nice if Kafka could offer the same functionality allowing organizations to separate concerns between standard configs and 'secrets'. 
> Ideally Kafka would add a secrets file property to the broker config which could override any ssl properties which currently exist within the broker config. Since the secrets file property is only used to override existing SSL/TLS properties the change maintains backward compatibility. 



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)