Skip to content

[Improvement-17551][Security] Support encrypt metadata database password #17552

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 8 commits into
base: dev
Choose a base branch
from
Open

[Improvement-17551][Security] Support encrypt metadata database password #17552

wants to merge 8 commits into from

Conversation

@Mrhs121
Copy link
Contributor

@Mrhs121 Mrhs121 commented Sep 29, 2025

Purpose of the pull request

close #17551

Brief change log

Allow metadata password to be configured in the form of ciphertext in the application.yaml file

Verify this pull request

This pull request is code cleanup without any test coverage.

I'll add the ut later

Pull Request Notice

Pull Request Notice

If your pull request contains incompatible change, you should also add it to docs/docs/en/guide/upgrade/incompatible.md

@Mrhs121
Copy link
Contributor Author

Mrhs121 commented Sep 29, 2025

First, use the newly added encrypt-password.sh script to obtain the encrypted ciphertext and key, such as:
屏幕截图 2025-09-29 225812

and then configure them in application.yaml.
屏幕截图 2025-09-29 230220

SbloodyS
SbloodyS requested changes Sep 30, 2025
View reviewed changes
Copy link
Member

@SbloodyS SbloodyS left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

At present, most open source projects write passwords in configuration files in plaintext. And each company will have its own customized encryption method, which is not universal. So I think we don't need this.

@SbloodyS SbloodyS added the discussion discussion label Sep 30, 2025
@Mrhs121
Copy link
Contributor Author

Mrhs121 commented Sep 30, 2025

At present, most open source projects write passwords in configuration files in plaintext. And each company will have its own customized encryption method, which is not universal. So I think we don't need this.

I saw in the wechat group that several community users had put forward this demand. Coincidentally, our company also had this demand, so that's why I did it

@SbloodyS
Copy link
Member

SbloodyS commented Sep 30, 2025

I saw in the wechat group that several community users had put forward this demand. Coincidentally, our company also had this demand, so that's why I did it

This is not the way to discuss in the apache open source community.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@SbloodyS SbloodyS SbloodyS requested changes

@caishunfeng caishunfeng Awaiting requested review from caishunfeng caishunfeng is a code owner

@EricGao888 EricGao888 Awaiting requested review from EricGao888 EricGao888 is a code owner

@ruanwenjun ruanwenjun Awaiting requested review from ruanwenjun ruanwenjun is a code owner

Requested changes must be addressed to merge this pull request.

Assignees

@Mrhs121 Mrhs121

Labels

backend discussion discussion

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

[Improvement][Security] Support encrypt metadata database password

2 participants

@Mrhs121 @SbloodyS