Pluggable JMX credentials backend

[denniskline]

Provide a mechanism for allowing reaper users to define where/how the JMX credentials are stored.

This was briefly discussed as part of issue 143: #143

When reaper is used to orchestrate repairs across many clusters where clusters are added and removed often and each cluster has different JMX credentials, it is cumbersome to make modifications to the config.yaml on all the running instances of reaper and then restart each instance to pick up the change.

It would be great if there were options for users to be able to choose where reaper pulled JMX credentials. Reaper would also need the ability to be able to pull in new JmxCredentials as they are added.

Along these lines (and perhaps this should be split into a different issue), it would also be nice if these JMX credentials could be encrypted as leaving them as plain text raises red flags with audit it some companies.

If this is something that the community would like, I'd be more than happy to contribute to this issue

[adejanovski]

Hi @denniskline,

we sure need something like this because what we have now is faaaaar from agile (and not secured much).
We've evolved the format of the cluster table to allow storing more cluster specific data in the properties column (right now just the JMX port). It would be a great place to store the encrypted credentials.
I think a single issue should cover both as storing unencrypted credentials is probably not something we want to do.

We would love to have a contribution on this 😍
Let us know if we can help you in any way.

[denniskline]

@adejanovski - That's great news! I'll take a stab at it and keep this issue thread updated with questions along the way. Thank you very much.