Uploaded image for project: 'Apache Storm'
  1. Apache Storm
  2. STORM-3184

Storm supervisor log showing keystore and truststore password in plaintext

    XMLWordPrintableJSON

    Details

      Description

      When we enable SSL for Apache storm, the superviosr log shows the keystore and truststore password in the plaintext

      log name : /var/log/storm/supervisor.log 

      
      2018-05-28 16:21:12.594 o.a.s.d.s.Supervisor main [INFO] Starting supervisor for storm version '1.1.1.3.1.1.0-35'. 
      2018-05-28 16:21:12.595 o.a.s.d.s.Supervisor main [INFO] Starting Supervisor with conf {storm.messaging.netty.min_wait_ms=100, storm.zookeeper.auth.user=null, storm.messaging.netty.buffer_s 
      ize=5242880, client.jartransformer.class=org.apache.storm.hack.StormShadeTransformer, storm.exhibitor.port=8080, pacemaker.auth.method=NONE, ui.filter=null, worker.profiler.enabled=false 
      ui.https.key.password=pass123
      ui.https.keystore.password=pass123 
      
      

      For the below properties created in custom-storm-site section in Ambari while enabling SSL. 

      
      ui.https.key.password=pass123 
      ui.https.keystore.password=pass123
      
      

        Attachments

          Activity

            People

            • Assignee:
              arunmahadevan Arun Mahadevan
              Reporter:
              arpitkhare04 Arpit Khare
            • Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved:

                Time Tracking

                Estimated:
                Original Estimate - Not Specified
                Not Specified
                Remaining:
                Remaining Estimate - 0h
                0h
                Logged:
                Time Spent - 3h 10m
                3h 10m