hbase-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Jean-Marc Spaggiari <jean-m...@spaggiari.org>
Subject Re: Encrypting the Kepstore password in hbase configuration file.
Date Sat, 26 Jul 2014 01:04:04 GMT
To add to Andrew's respons and to this specific part of the question:
"It is common practice to encrypt the password in configuration files."
I will say yes. Sqoop also is doing the same. You can specify a file where
the password is stored, and then protect this file, using --password-file.
At some point, this need to be stored somewhere, expect if you use some
specific external framework to manage that.


2014-07-25 16:54 GMT-04:00 Andrew Purtell <apurtell@apache.org>:

> If we encrypt the password in the configuration file, where will we store
> the key to decrypt it?
>
> Protect the configuration file with restrictive file permissions. Or, you
> can specify a separate file that contains the keystore password (...
> ?passwordFile=...) and protect that file with restrictive filesystem
> permissions.
>
>
> On Fri, Jul 25, 2014 at 1:19 AM, Nijel s f <nijel.sf@huawei.com> wrote:
>
> > Hi,
> >
> > To Configure encryption for Hfile and WAL file the following
> configuration
> > is used.
> >
> > <property>
> >     <name>hbase.crypto.keyprovider.parameters</name>
> >
> > <value>jceks:///path/to/hbase/conf/hbase.jks?password=<password></value>
> > </property>
> >
> > Here the password is plain text.
> >
> > It is common practice to encrypt the password in configuration files.
> >
> > Is there any option to do this in HBase ?
> > If not is it possible to take as an improvement ?
> >
> >
> > Regards
> > Nijel
> >
>
>
>
> --
> Best regards,
>
>    - Andy
>
> Problems worthy of attack prove their worth by hitting back. - Piet Hein
> (via Tom White)
>

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message