[FEATURE] Clear text password stored in OPENSEARCH_INITIAL_ADMIN_PASSWORD_TXT is insecure #3847
Labels: enhancement, untriaged
Is your feature request related to a problem?
Storing passwords in the clear is insecure. The implementation that was chosen in #3560 offers a way to specify the password in a file that will be permanently stored on disk. Even if deleted, it can be recovered. This is not secure.
What solution would you like?
Get rid of the file support that stores a clear text password.
There's already a way to specify the admin password in a file, see https://code.dblock.org/2023/08/08/changing-the-default-admin-password-in-opensearch.html. It's not easy, but you can generate a configuration file with the password. We also do need an easier way to do this, captured in #3848.
What alternatives have you considered?
Do nothing.
Do you have any additional context?
https://code.dblock.org/2023/08/08/changing-the-default-admin-password-in-opensearch.html