英文:
Is there a way to encrypt kafka security configuration(ssl config) passwords at broker and client side
问题
如何在Kafka的经纪人和客户端上加密安全配置密码。
我目前以明文格式存储Kafka安全配置(与密码相关的配置),方式如下:
- 在Kafka服务器端的Kafka/config/server.properties中:
ssl.truststore.password=
ssl.keystore.password=
ssl.key.password=
listener.name.sasl.ssl.scram-sha-256.sasl.jaas.config.password=
这些值是明文密码。
- 在客户端的application.properties中:
spring.cloud.stream.kafka.binder.jaas.options.password =
spring.cloud.stream.kafka.binder.configuration.ssl.truststore.password =
这些值也是明文密码。
但是,我希望将这些密码以加密形式存储在上述两个位置,而不是明文。我正在寻找一些示例示范,但我找不到任何有用的资源。
英文:
How to encrypt Kafka security configuration passwords at broker and client side.
I am currently storing the Kafka security configurations(password related configs) in Plain-text format in the following ways
- at the Kafka server side in Kafka/config/server.properties
ssl.truststore.password=
ssl.keystore.password=
ssl.key.password=
listener.name.sasl.ssl.scram-sha-256.sasl.jaas.config.password=
the values are Plain-text passwords
- at the client side in application.properties
spring.cloud.stream.kafka.binder.jaas.options.password =
spring.cloud.stream.kafka.binder.configuration.ssl.truststore.password =
the values are Plain-text passwords
but I instead of storing these passwords as Plain-text, I want to store them in encrypted form at both the above places.
I am looking for some sample examples for the same as I couldn't find any helpful resources for the same.
答案1
得分: 1
对于经纪人,我不确定你能否这样做。相反,你会限制谁可以访问服务器。你可以使用脚本从外部服务(如Vault)生成文件,但文件本身仍将包含明文值。
对于客户端,Spring属性可以使用环境变量进行变量插值,Spring配置服务器、Vault等。
英文:
For the broker, I'm not sure you can. Rather, you'd limit who can access the server. You can use scripts to generate the file from external services like Vault, but the file itself will still consist of plaintext values.
For the client, Spring properties can use variable interpolation with environment variables, Spring Config Server, Vault etc.
通过集体智慧和协作来改善编程学习和解决问题的方式。致力于成为全球开发者共同参与的知识库,让每个人都能够通过互相帮助和分享经验来进步。
评论