[SOLR-12778] Support encrypted password for ZK cred/ACL providers - ASF JIRA

Attach files

Attach Screenshot

Add vote

Voters

Watch issue

Watchers

Create sub-task

Link

Clone

Update Comment Author

Replace String in Comment

Update Comment Visibility

Delete Comments

XML

Word

Printable

JSON

Details

Type: New Feature
Status: Open
Priority: Major
Resolution: Unresolved
Affects Version/s: None
Fix Version/s: None
Component/s: SolrCloud
Labels:
None

Description

The VMParamsSingleSetCredentialsDigestZkCredentialsProvider takes a zkDigestPassword in as a plain-text JVM param, and the VMParamsAllAndReadonlyDigestZkACLProvider takes both zkDigestPassword and zkDigestReadonlyPassword.

Propose to give an option to encrypt these password using the same mechanism as DIH does:

Add a new VM param "zkDigestPasswordEncryptionKeyFile" which is a path to a file holding the encryption key
Store an encryption key in above mentioned file and restrict access to this file so only Solr user can read it.
Encrypt the ZK passwords using the encryption key and provide the encrypted password in place of the plaintext one

We could also create a utility command that takes the magic out of encrypting the pw:

bin/solr util encrypt [-keyfile <file>] <string>

Attachments

SOLR-12778.patch
23/Apr/20 17:27
21 kB
Chris M. Hostetter

Issue Links

Add Link

relates to

SOLR-8756 Need 4 config "zkDigestUsername"/"zkDigestPassword"/"zkDigestReadonlyUsername"/"zkDigestReadonlyUsername" in solr.xml

Open

Delete this link

Activity

Comment

This comment will be Viewable by All Users Viewable by All Users

Cancel

People

Assignee:: Unassigned

Reporter:: Jan Høydahl

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Dates

Created:: 17/Sep/18 10:54

Updated:: 23/Apr/20 17:36

Agile

View on Board

Support encrypted password for ZK cred/ACL providers

Details

Description

Attachments

Attachments

Issue Links

Activity

People

Dates

Agile

Slack

Issue deployment