Details
-
Improvement
-
Status: Closed
-
Major
-
Resolution: Fixed
-
None
-
None
-
None
Description
Right now passwords for keystore and truststore (oozie.https.keystore.pass, oozie.https.truststore.pass) are stored in oozie-site.xml as cleartext.
However, Oozie could take advantage of the Hadoop Credential Provider for storing and retrieving that passwords similarly how the JDBC password (oozie.service.JPAService.jdbc.password) is handled today (see https://issues.apache.org/jira/browse/OOZIE-2272).
This way keystore and truststore passwords could be masked in oozie-site.
Note: ConfigurationService.getPassword is worth to look at.