Details
-
New Feature
-
Status: Open
-
Major
-
Resolution: Unresolved
-
None
-
None
-
None
Description
The VMParamsSingleSetCredentialsDigestZkCredentialsProvider takes a zkDigestPassword in as a plain-text JVM param, and the VMParamsAllAndReadonlyDigestZkACLProvider takes both zkDigestPassword and zkDigestReadonlyPassword.
Propose to give an option to encrypt these password using the same mechanism as DIH does:
- Add a new VM param "zkDigestPasswordEncryptionKeyFile" which is a path to a file holding the encryption key
- Store an encryption key in above mentioned file and restrict access to this file so only Solr user can read it.
- Encrypt the ZK passwords using the encryption key and provide the encrypted password in place of the plaintext one
We could also create a utility command that takes the magic out of encrypting the pw:
bin/solr util encrypt [-keyfile <file>] <string>
Attachments
Attachments
Issue Links
- relates to
-
SOLR-8756 Need 4 config "zkDigestUsername"/"zkDigestPassword"/"zkDigestReadonlyUsername"/"zkDigestReadonlyUsername" in solr.xml
- Open