hbase-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Andrew Purtell <apurt...@apache.org>
Subject Re: Encrypting the Kepstore password in hbase configuration file.
Date Fri, 25 Jul 2014 20:54:57 GMT
If we encrypt the password in the configuration file, where will we store
the key to decrypt it?

Protect the configuration file with restrictive file permissions. Or, you
can specify a separate file that contains the keystore password (...
?passwordFile=...) and protect that file with restrictive filesystem
permissions.


On Fri, Jul 25, 2014 at 1:19 AM, Nijel s f <nijel.sf@huawei.com> wrote:

> Hi,
>
> To Configure encryption for Hfile and WAL file the following configuration
> is used.
>
> <property>
>     <name>hbase.crypto.keyprovider.parameters</name>
>
> <value>jceks:///path/to/hbase/conf/hbase.jks?password=<password></value>
> </property>
>
> Here the password is plain text.
>
> It is common practice to encrypt the password in configuration files.
>
> Is there any option to do this in HBase ?
> If not is it possible to take as an improvement ?
>
>
> Regards
> Nijel
>



-- 
Best regards,

   - Andy

Problems worthy of attack prove their worth by hitting back. - Piet Hein
(via Tom White)

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message