
Support encrypted password file during SASL authentication for ZooKeeper C client

Open empiredan opened this issue 3 months ago • 0 comments

Motivation

Currently, when the meta server connects to ZooKeeper via SASL, the password is stored directly in a plain text file. However, in production environments with high security requirements, storing passwords in plain text files is often not allowed.

Implementation

Starting from the newly released ZooKeeper 3.9.4, the C client supports decrypting passwords stored in files. Therefore, to enhance security, we need to:

  1. Upgrade the ZooKeeper C client dependency used by the server to 3.9.4.
  2. Add configuration options to the ZooKeeper session class to support decrypting the password in the file using a specified encryption scheme before establishing the connection.

Task list

  • [x] https://github.com/apache/incubator-pegasus/pull/2289
  • [x] https://github.com/apache/incubator-pegasus/pull/2296
  • [x] https://github.com/apache/incubator-pegasus/pull/2293

empiredan, Sep 10 '25 06:09