Date: Fri, 19 Jun 2015 14:37:32 +0530
Subject: Re: Retrieving keys via KMS from map/reduce phase.
From: Sitaraman Vilayannur
To: hdfs-dev@hadoop.apache.org

Thanks for the info Arun.
I asked this question for a custom application of mine wherein I need to
retrieve the key from MapReduce code. Is there a way that I can replicate my
keyprovider across the data nodes and then access the local key provider from
MR code at each data node? If so, what method would be recommended to do this?

Sitaraman

On Fri, Jun 19, 2015 at 11:56 AM, Arun Suresh wrote:

> You really do not need to talk to the KMS directly from the MR code. The
> MR framework and the DFSClient will automatically decrypt for you when the
> mappers are reading a file (one of the reasons why this is called
> "transparent" data encryption). Similarly, files that are written to an
> output directory will be encrypted with the required key (if the output
> directory is contained within an encryption zone).
>
> But of course, there is nothing stopping you from talking to the KMS
> directly from Java code (using the KMSClientProvider). But most KMS
> deployments would restrict create key operations etc. for non-admin users.
>
> On Thu, Jun 18, 2015 at 6:56 PM, Sitaraman Vilayannur <
> vrsitaramanietflists@gmail.com> wrote:
>
> > Hi,
> >
> > Using the key management system, will I be able to store a set of keys
> > in my keystore and then retrieve those keys later based on their aliases
> > from within the map/reduce phase to do my encryption/decryption activities
> > from map reduce?
> >
> > Thanks
> >
> > Sitaraman
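
The direct KMS access mentioned in the quoted reply, sketched as a mapper that looks up a key by alias through the Hadoop KeyProvider API. This is an added example, not code from the thread or from the Hadoop project; the class name, the job property `myapp.key.alias` and the alias `my-app-key` are hypothetical, and it assumes `hadoop.security.key.provider.path` in the job configuration points at the KMS.

```java
import java.io.IOException;
import java.util.Arrays;
import java.util.List;

import org.apache.hadoop.conf.Configuration;
import org.apache.hadoop.crypto.key.KeyProvider;
import org.apache.hadoop.crypto.key.KeyProviderFactory;
import org.apache.hadoop.io.LongWritable;
import org.apache.hadoop.io.Text;
import org.apache.hadoop.mapreduce.Mapper;

// Hypothetical mapper: fetches one named key from the configured key provider.
public class KeyLookupMapper extends Mapper<LongWritable, Text, Text, Text> {
  private byte[] keyMaterial; // never log or emit this

  @Override
  protected void setup(Context context) throws IOException {
    Configuration conf = context.getConfiguration();
    // Hypothetical job property carrying the key alias.
    String alias = conf.get("myapp.key.alias", "my-app-key");

    // Providers are built from hadoop.security.key.provider.path; a kms:// URI
    // there yields a KMSClientProvider.
    List<KeyProvider> providers = KeyProviderFactory.getProviders(conf);
    if (providers.isEmpty()) {
      throw new IOException("No key provider configured");
    }
    try {
      // Current version of the key; the provider decides whether this user may read it.
      KeyProvider.KeyVersion version = providers.get(0).getCurrentKey(alias);
      if (version == null) {
        throw new IOException("Key not found: " + alias);
      }
      keyMaterial = version.getMaterial().clone();
    } finally {
      for (KeyProvider p : providers) {
        p.close();
      }
    }
  }

  @Override
  protected void cleanup(Context context) {
    if (keyMaterial != null) {
      Arrays.fill(keyMaterial, (byte) 0); // wipe the copy held by this task
    }
  }
}
```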