hadoop-common-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Larry McCay (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (HADOOP-10528) A TokenKeyProvider for a Centralized Key Manager Server (BEE: bee-key-manager)
Date Tue, 22 Apr 2014 16:38:16 GMT

    [ https://issues.apache.org/jira/browse/HADOOP-10528?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13977022#comment-13977022

Larry McCay commented on HADOOP-10528:

Correction: the KMS patch is not quite committed yet but it is on its way in. 
That is HADOOP-10433.

> A TokenKeyProvider for a Centralized Key Manager Server (BEE: bee-key-manager)
> ------------------------------------------------------------------------------
>                 Key: HADOOP-10528
>                 URL: https://issues.apache.org/jira/browse/HADOOP-10528
>             Project: Hadoop Common
>          Issue Type: Sub-task
>          Components: security
>            Reporter: howie yu
>         Attachments: HADOOP-10528.patch
> This is a key provider based on HADOOP-9331. HADOOP-9331 has designed a complete Hadoop
crypto codec framework, but the key can only be retrieved from a local Java KeyStore file.
To the convenience, we design a Centralized Key Manager Server (BEE: bee-key-manager) and
user can use this TokenKeyProvider to retrieve keys from the Centralized Key Manager Server.
By the way, to secure the key exchange, we leverage HTTPS + SPNego/SASL to protect the key
exchange. To the detail design and usage, please refer to https://github.com/trendmicro/BEE.

> Moreover, there are still much more requests about Hadoop Data Encryption (such as provide
standalone module, support KMIP...etc.), if anyone has interested in those features, pleas
let us know. 
> Ps. Because this patch based on HADOOP-9331, please use patch HADOOP-9333, and HADOOP-9332
and before use our patch HADOOP-10528.patch.

This message was sent by Atlassian JIRA

View raw message