Skip to content

Keep Elasticsearch credentials encrypted in Redis cache(GONRG-3021) & refactor kms client & refactor dependencies


Elasticsearch credentials are stored encrypted in Datastore

But not in the Redis cache, they are stored there as plain text

Redis cache allow unauthenticated calls within VPC which is a potentially security breach. Elasticsearch credentials must also be encrypted in Redis.

Refactor kms client to use single implementation from core-lib-gcp.

Dependencies refactoring (clean up pom file, consolidate last libs versions in core-lib-gcp).

Changes include:

  • Refactor (a non-breaking change that improves code maintainability).

Changes in:

  • GCP
Edited by Rustam Lotsmanenko (EPAM)

Merge request reports