[ZOOKEEPER-3689] zkCli/ZooKeeperMain relies on system properties for TLS config - ASF JIRA

XML

Word

Printable

JSON

Details

Type: New Feature
Status: Resolved
Priority: Major
Resolution: Fixed
Affects Version/s: 3.6.0, 3.5.5, 3.5.6
Fix Version/s: 3.6.1
Component/s: security, server
Labels:
- pull-request-available

Description

The command line client to ZooKeeper (org.apache.zookeeper.ZooKeeperMain, invoked via bin/zkCli.

{bat,sh}

) has no facility for accepting TLS client configuration (e.g. keystore/truststore location and password) except via system properties. System properties must be passed on the command line as "-D" arguments and are inherently not secure. There should be a way to pass the client TLS configuration to org.apache.zookeeper.ZooKeeperMain in a more secure way (e.g. via a file).

Attachments

Issue Links

links to

GitHub Pull Request #1285

mentioned in: Page Loading...

Activity

People

Assignee:: Sankalp Bhatia

Reporter:: Ron Dagostino

Votes:: 0 Vote for this issue

Watchers:: 4 Start watching this issue

Dates

Created:: 10/Jan/20 17:34

Updated:: 03/Nov/20 13:32

Resolved:: 26/Mar/20 21:19

Time Tracking

Estimated:

Not Specified

Remaining:

Logged:

2.5h