Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Azure plugin certificate too dangerous ? #68

Closed
precbioinf opened this issue Feb 23, 2015 · 5 comments
Closed

Azure plugin certificate too dangerous ? #68

precbioinf opened this issue Feb 23, 2015 · 5 comments

Comments

@precbioinf
Copy link

Hi,

I have played with the azure plugin and am worried that the certificate
placed into Azure management pool can be very powerful. If a cracker
steals the password and keystore from the elasticsearch.yml, would they
be able to disrupt all the deployments from the same Azure subscription,
even if not related to elasticsearch ? E.g. they could use the keystore,
password to access the subscription fully and delete all the nodes ?

Is there a way to reduce the privilege of the uploaded certificates to
something safer ?

Thanks.
@dadoonet
Copy link
Member

I do agree. That's the reason I brought up #67.
If doable it will fix that.

@dadoonet dadoonet reopened this Feb 23, 2015
@pwli
Copy link

pwli commented Apr 8, 2015

After trying to keep passwords/keys safe for luks/cryptsetup and other tools,
I was wondering if ES can allow the use of stdin for password at start up ?
For example, if elasticsearch.yml has:

cloud:
    ...
             keystore:
                   path: /path/to/azurekeystore.pkcs12
                   password: "<stdin>" or a simple "-"
                   type: pkcs12

then it will flag azure plugin to prompt the user to enter a password to continue.
In this case, if someone steals the .yml and keystore file, they won't
be able to get to the certificate.

This won't work if we expect ES to start automatically from a node
reboot. In this case, you just have to put the password in. But this
could provide some protection than leaving the files out in the open
even if they are unix permission restricted.

My two cents.

@dadoonet
Copy link
Member

@pwli I think that we can now support this (not tested though) with elastic/elasticsearch#10918

cc @jaymode

@jaymode
Copy link
Member

jaymode commented Jul 24, 2015

@dadoonet correct we should be able to support prompting for any setting in the elasticsearch.yml file starting with elasticsearch 1.6.0.

Configuration details are documented here https://www.elastic.co/guide/en/elasticsearch/reference/current/setup-configuration.html#styles

@dadoonet
Copy link
Member

dadoonet commented Aug 6, 2015

Closing as you could probably now use what @pwli suggested.

Feel free to open a new issue in https://github.com/elastic/elasticsearch repo if it does not work as expected.

@dadoonet dadoonet closed this as completed Aug 6, 2015
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@dadoonet @jaymode @precbioinf @pwli