Is there a way to encrypt kafka security configuration(ssl config) passwords at broker and client side

huangapple go评论73阅读模式
英文:

Is there a way to encrypt kafka security configuration(ssl config) passwords at broker and client side

问题

如何在Kafka的经纪人和客户端上加密安全配置密码。

我目前以明文格式存储Kafka安全配置(与密码相关的配置),方式如下:

  1. 在Kafka服务器端的Kafka/config/server.properties中:
    ssl.truststore.password=
    ssl.keystore.password=
    ssl.key.password=
    listener.name.sasl.ssl.scram-sha-256.sasl.jaas.config.password=

这些值是明文密码。

  1. 在客户端的application.properties中:
    spring.cloud.stream.kafka.binder.jaas.options.password = 
    spring.cloud.stream.kafka.binder.configuration.ssl.truststore.password = 

这些值也是明文密码。

但是,我希望将这些密码以加密形式存储在上述两个位置,而不是明文。我正在寻找一些示例示范,但我找不到任何有用的资源。

英文:

How to encrypt Kafka security configuration passwords at broker and client side.

I am currently storing the Kafka security configurations(password related configs) in Plain-text format in the following ways

  1. at the Kafka server side in Kafka/config/server.properties
    ssl.truststore.password=
    ssl.keystore.password=
    ssl.key.password=
    listener.name.sasl.ssl.scram-sha-256.sasl.jaas.config.password=
the values are Plain-text passwords
  1. at the client side in application.properties
    spring.cloud.stream.kafka.binder.jaas.options.password = 
    spring.cloud.stream.kafka.binder.configuration.ssl.truststore.password = 

the values are Plain-text passwords

but I instead of storing these passwords as Plain-text, I want to store them in encrypted form at both the above places.
I am looking for some sample examples for the same as I couldn't find any helpful resources for the same.

答案1

得分: 1

对于经纪人,我不确定你能否这样做。相反,你会限制谁可以访问服务器。你可以使用脚本从外部服务(如Vault)生成文件,但文件本身仍将包含明文值。

对于客户端,Spring属性可以使用环境变量进行变量插值,Spring配置服务器、Vault等。

英文:

For the broker, I'm not sure you can. Rather, you'd limit who can access the server. You can use scripts to generate the file from external services like Vault, but the file itself will still consist of plaintext values.

For the client, Spring properties can use variable interpolation with environment variables, Spring Config Server, Vault etc.

huangapple
  • 本文由 发表于 2023年6月5日 14:57:00
  • 转载请务必保留本文链接:https://go.coder-hub.com/76404107.html
匿名

发表评论

匿名网友

:?: :razz: :sad: :evil: :!: :smile: :oops: :grin: :eek: :shock: :???: :cool: :lol: :mad: :twisted: :roll: :wink: :idea: :arrow: :neutral: :cry: :mrgreen:

确定