Skip to content

Keep Elasticsearch credentials encrypted in Redis cache(GONRG-3021) & refactor kms client & refactor dependencies

Rustam Lotsmanenko (EPAM) requested to merge gcp-encrypt-elastic-settings-in-cache into master

Description:

Elasticsearch credentials are stored encrypted in Datastore

But not in the Redis cache, they are stored there as plain text

Redis cache allow unauthenticated calls within VPC which is a potentially security breach. Elasticsearch credentials must also be encrypted in Redis.

Refactor kms client to use single implementation from core-lib-gcp.

Dependencies refactoring (clean up pom file, consolidate last libs versions in core-lib-gcp).

Changes include:

  • Refactor (a non-breaking change that improves code maintainability).

Changes in:

  • GCP
Edited by Rustam Lotsmanenko (EPAM)

Merge request reports