Uploaded image for project: 'Solr'
  1. Solr
  2. SOLR-12778

Support encrypted password for ZK cred/ACL providers

    XMLWordPrintableJSON

Details

    • New Feature
    • Status: Open
    • Major
    • Resolution: Unresolved
    • None
    • None
    • SolrCloud
    • None

    Description

      The VMParamsSingleSetCredentialsDigestZkCredentialsProvider takes a zkDigestPassword in as a plain-text JVM param, and the VMParamsAllAndReadonlyDigestZkACLProvider takes both zkDigestPassword and zkDigestReadonlyPassword.

      Propose to give an option to encrypt these password using the same mechanism as DIH does:

      1. Add a new VM param "zkDigestPasswordEncryptionKeyFile" which is a path to a file holding the encryption key
      2. Store an encryption key in above mentioned file and restrict access to this file so only Solr user can read it.
      3. Encrypt the ZK passwords using the encryption key and provide the encrypted password in place of the plaintext one

      We could also create a utility command that takes the magic out of encrypting the pw:

      bin/solr util encrypt [-keyfile <file>] <string>

       

      Attachments

        1. SOLR-12778.patch
          21 kB
          Chris M. Hostetter

        Issue Links

          relates to

          Bug - A problem which impairs or prevents the functions of the product. SOLR-8756 Need 4 config "zkDigestUsername"/"zkDigestPassword"/"zkDigestReadonlyUsername"/"zkDigestReadonlyUsername" in solr.xml

          • Major - Major loss of function.
          • Open

          Activity

            People

              Unassigned Unassigned
              janhoy Jan Høydahl
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

                Created:
                Updated: