[OOZIE-2771] Allow retrieving keystore and truststore passwords from Hadoop Credential Provider - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Improvement
Status: Closed
Priority: Major
Resolution: Fixed
Affects Version/s: None
Fix Version/s: 5.0.0b1
Component/s: None
Labels:
None

Description

Right now passwords for keystore and truststore (oozie.https.keystore.pass, oozie.https.truststore.pass) are stored in oozie-site.xml as cleartext.

However, Oozie could take advantage of the Hadoop Credential Provider for storing and retrieving that passwords similarly how the JDBC password (oozie.service.JPAService.jdbc.password) is handled today (see https://issues.apache.org/jira/browse/OOZIE-2272).

This way keystore and truststore passwords could be masked in oozie-site.

Note: ConfigurationService.getPassword is worth to look at.

Attachments

- Sort By Name
- Sort By Date
- Ascending
- Descending

OOZIE-2771-01.patch
20/Jan/17 19:15
2 kB
Attila Sasvári

Activity

People

Assignee:: Attila Sasvári

Reporter:: Attila Sasvári

Votes:: 0 Vote for this issue

Watchers:: 6 Start watching this issue

Dates

Created:: 10/Jan/17 12:04

Updated:: 27/Jan/18 15:53

Resolved:: 25/Jan/17 06:56