  1. Log4j 2
  2. LOG4J2-2054

Provide ways to configure SSL that avoid plain-text passwords in the log4j configuration

    Details

    • Type: Improvement
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 2.9.1
    • Fix Version/s: 2.10.0
    • Component/s: Appenders
    • Labels:
      None

      Description

      Following up on LOG4J2-1896, currently SecureSocketAppender can only be configured by specifying the passwords to the trust store and the key store in plain text in the log4j 2 configuration file.

      Provide alternative configurations that obtain the password from different sources, for example:

      • system environment variable
      • file

      Example configuration:

        <Appenders>
          <Socket name="socket" host="localhost" port="${sys:SecureSocketAppenderSocketOptionsTest.port}" protocol="SSL"
            ignoreExceptions="false">
            <JsonLayout properties="true"/>
            <Ssl>
              <KeyStore location="src/test/resources/org/apache/logging/log4j/core/net/ssl/client.log4j2-keystore.jks"
                passwordEnvironmentVariable="KEYSTORE_PASSWORD" type="JKS" />
              <TrustStore location="src/test/resources/org/apache/logging/log4j/core/net/ssl/truststore.jks"
                passwordFile="${sys:user.home}/truststore.pwd" type="JKS" />
            </Ssl>
          </Socket>
        </Appenders>
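
An audit check for the configuration styles this issue discusses, added here as an example (it is not part of the original issue or of Log4j). It flags `KeyStore`/`TrustStore` elements that still use the existing plain-text `password` attribute, and checks that a `passwordEnvironmentVariable` is actually set and that a `passwordFile` is not accessible to group or others. The function names, severity labels and sample configuration are assumptions made for illustration.

```python
import os
import stat
import xml.etree.ElementTree as ET

# Constructed sample: one store with an inline password, one using passwordFile.
SAMPLE = """<Ssl>
  <KeyStore location="client.jks" password="changeit" type="JKS"/>
  <TrustStore location="truststore.jks" passwordFile="truststore.pwd" type="JKS"/>
</Ssl>"""

def _check_file(path, base_dir):
    """Check a passwordFile target; returns (severity, message) pairs."""
    if "${" in path:  # e.g. ${sys:user.home}: cannot be resolved outside Log4j
        return [("INFO", f"{path}: contains a lookup, resolve it and re-check")]
    try:
        mode = os.stat(os.path.join(base_dir, path)).st_mode
    except OSError:
        return [("MEDIUM", f"{path}: password file missing or unreadable")]
    if mode & (stat.S_IRWXG | stat.S_IRWXO):
        return [("HIGH", f"{path}: accessible by group or others ({stat.filemode(mode)})")]
    return []

def audit_ssl_stores(config_xml, environ=None, base_dir="."):
    """Return (element, severity, message) findings for KeyStore/TrustStore."""
    environ = os.environ if environ is None else environ
    findings = []
    for el in ET.fromstring(config_xml).iter():
        tag = el.tag.rsplit("}", 1)[-1]  # tolerate namespaced configurations
        if tag not in ("KeyStore", "TrustStore"):
            continue
        if "password" in el.attrib:
            findings.append((tag, "HIGH", "plain-text password attribute in configuration"))
        env_name = el.get("passwordEnvironmentVariable")
        if env_name is not None and not environ.get(env_name):
            findings.append((tag, "MEDIUM", f"environment variable {env_name} is unset or empty"))
        pw_file = el.get("passwordFile")
        if pw_file is not None:
            findings += [(tag, sev, msg) for sev, msg in _check_file(pw_file, base_dir)]
    return findings

if __name__ == "__main__":
    for finding in audit_ssl_stores(SAMPLE):
        print(*finding, sep=" | ")
```

The permission check assumes a POSIX file system; relative `passwordFile` paths are resolved against `base_dir`.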
      


              People

              • Assignee:
                remkop@yahoo.com Remko Popma
                Reporter:
                remkop@yahoo.com Remko Popma