[KAFKA-4294] Allow password file in server.properties to separate 'secrets' from standard configs - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Improvement
Status: Open
Priority: Major
Resolution: Unresolved
Affects Version/s: None
Fix Version/s: None
Component/s: config, security
Labels:
None

Description

Java's keytool(for Windows) allows you to specify the keystore/truststore password with an external file in addition to a string argument.

-storepass:file secret.txt

http://docs.oracle.com/javase/7/docs/technotes/tools/windows/keytool.html

It would be nice if Kafka could offer the same functionality allowing organizations to separate concerns between standard configs and 'secrets'.

Ideally Kafka would add a secrets file property to the broker config which could override any ssl properties which currently exist within the broker config. Since the secrets file property is only used to override existing SSL/TLS properties the change maintains backward compatibility.

Attachments

Activity

People

Assignee:: Unassigned

Reporter:: Ryan P

Votes:: 1 Vote for this issue

Watchers:: 2 Start watching this issue

Dates

Created:: 12/Oct/16 09:53

Updated:: 03/Aug/18 18:09