
Do I have a way to store keyStorePassword and trustStorePassword values encrypted in Ignite SSL configuration XML instead of plain text?

<property name="sslContextFactory">
    <bean class="org.apache.ignite.ssl.SslContextFactory">
        <property name="keyStoreFilePath" value="keystore/node.jks"/>
        <property name="keyStorePassword" value="123456"/>
        <property name="trustStoreFilePath" value="keystore/trust.jks"/>
        <property name="trustStorePassword" value="123456"/>
        <property name="protocol" value="TLSv1.3"/>
    </bean>
</property>

Thanks Stanislav

  • There is no point to this. You will then have the endlessly recursive problem of storing the encryption keys encrypted somewhere else. Physical security of the server is the solution here. – user207421 Aug 03 '21 at 22:57

1 Answer


The simplest way is probably to use property placeholders (Ignite’s XML file is just Spring).

You can also configure it to pull passwords from secret stores. Blog here.

Stephen Darlington
  • *You can also configure it to pull passwords from secret stores.* And then you need some sort of authentication to get the password from that secret store. You have to bootstrap the secret-access process with something. The "vault token" in your linked example is every bit as sensitive as every secret stored in that vault instance. – Andrew Henle Aug 03 '21 at 22:54
  • That’s not really true, though. First, the token might only be valid for a few minutes. Second — and probably how you’d do it in a production environment — you’d combine the two approaches, inserting the token into the config using property placeholders. – Stephen Darlington Aug 04 '21 at 15:48
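
The property-placeholder approach from the answer, applied to the configuration in the question (an added example, not part of the original posts). The properties file path and the `ignite.ssl.*` property names are assumptions chosen for illustration; the passwords leave the XML but are not encrypted by this.

```xml
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
       xsi:schemaLocation="http://www.springframework.org/schema/beans
                           http://www.springframework.org/schema/beans/spring-beans.xsd">

    <!-- Resolves ${...} placeholders before the Ignite beans are instantiated.
         The file path is an assumed location: keep the file out of version
         control and readable only by the account that runs the node. It holds
         two lines (hypothetical names):
             ignite.ssl.keystore.password=...
             ignite.ssl.truststore.password=... -->
    <bean class="org.springframework.context.support.PropertySourcesPlaceholderConfigurer">
        <property name="location" value="file:/etc/ignite/ssl-secrets.properties"/>
        <!-- Allows startup without the file when the same property names are
             supplied through the process environment or JVM system properties. -->
        <property name="ignoreResourceNotFound" value="true"/>
        <!-- ignoreUnresolvablePlaceholders is left at its default (false), so a
             missing password aborts startup instead of passing the literal
             placeholder text to the key store. -->
    </bean>

    <bean class="org.apache.ignite.configuration.IgniteConfiguration">
        <property name="sslContextFactory">
            <bean class="org.apache.ignite.ssl.SslContextFactory">
                <property name="keyStoreFilePath" value="keystore/node.jks"/>
                <!-- Before: value="123456" written directly in this file. -->
                <property name="keyStorePassword" value="${ignite.ssl.keystore.password}"/>
                <property name="trustStoreFilePath" value="keystore/trust.jks"/>
                <!-- Before: value="123456" written directly in this file. -->
                <property name="trustStorePassword" value="${ignite.ssl.truststore.password}"/>
                <property name="protocol" value="TLSv1.3"/>
            </bean>
        </property>
    </bean>
</beans>
```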