hbase-user mailing list archives

From Andrew Purtell <apurt...@apache.org>
Subject Re: hbase 'transparent encryption' feature is production ready or not?
Date Fri, 03 Jun 2016 00:59:18 GMT
> We heard from various sources before that it is not production ready.

Said by whom, specifically?

> During our tests, we do find out it works not very stable, but probably
> due to our lack of experience of this feature.

If you have something repeatable, please consider filing a JIRA to report
the problem.

> And, we now save the encryption key on the disk, so we were wondering
> whether this is not secure.

Data keys are encrypted with a master key which must be protected. The out
of the box key provider stores the master key in a local keystore. That's
not sufficient protection. In a production environment you will want to use
an HSM. Most (all?) HSMs support the keystore API. If that is not
sufficient, our KeyProvider API is extensible for the solution you choose
to employ in production.

Have you looked at HDFS transparent encryption?
https://hadoop.apache.org/docs/r2.7.2/hadoop-project-dist/hadoop-hdfs/TransparentEncryption.html
Because it works at the HDFS layer it's a more general solution. Be careful
what version of Hadoop you use if opting for HDFS TDE, though. Pick the
most recent release. Slightly older versions (like 2.6.0) had fatal bugs if
used in conjunction with HBase.
On Thu, Jun 2, 2016 at 5:52 PM, Liu, Ming (Ming) <ming.liu@esgyn.cn> wrote:

> Hi, all,
>
> We are trying to deploy the 'transparent encryption' feature of HBase,
> described in the HBase reference guide:
> https://hbase.apache.org/book.html#hbase.encryption.server , in our
> product.
> We heard from various sources before that it is not production ready.
>
> During our tests, we do find out it works not very stable, but probably
> due to our lack of experience of this feature. It works sometimes, sometimes
> it does not work, and if we retry the same configuration, it works again. We
> were using HBase 1.0.
>
> Could anyone give us some information that this feature is already stable
> and can be used in a production environment?
>
> And, we now save the encryption key on the disk, so we were wondering
> whether this is not secure. Since the key is in the same place as the data,
> anyone can decode the data, because if he/she can access the data, he/she
> can access the key as well. Is there any best practice about how to manage
> the key?
>
> Thanks,
> Ming
>


-- 
Best regards,

   - Andy

Problems worthy of attack prove their worth by hitting back. - Piet Hein
(via Tom White)
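An added example, not code from this thread or from the HBase project, of the extension point Andy describes: a KeyProvider that reads the master key from a PKCS#11 keystore (an HSM token) so that the wrapping key never sits on the local disk next to the data. It assumes the KeyProvider interface as shipped in HBase 1.x (init/getKey/getKeys), that a PKCS#11 JCA provider is already registered in java.security, and hypothetical parameter names `pin`/`pinfile`.

```java
package example.hbase.crypto; // hypothetical package name

import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.security.GeneralSecurityException;
import java.security.Key;
import java.security.KeyStore;

import org.apache.hadoop.hbase.io.crypto.KeyProvider;

/**
 * Master key lives on the HSM token; HBase only gets an opaque Key handle.
 * hbase.crypto.keyprovider            = example.hbase.crypto.Pkcs11KeyProvider
 * hbase.crypto.keyprovider.parameters = pinfile=/etc/hbase/hsm.pin   (assumed path)
 * hbase.crypto.master.key.name        = alias of the wrapping key on the token
 */
public class Pkcs11KeyProvider implements KeyProvider {
  private KeyStore store;
  private char[] pin;

  @Override
  public void init(String params) {
    // params is "name=value&name=value"; a pin file keeps the PIN out of hbase-site.xml
    for (String kv : params.split("&")) {
      String[] p = kv.split("=", 2);
      if (p.length != 2) continue;
      try {
        if (p[0].equals("pin")) pin = p[1].toCharArray();
        else if (p[0].equals("pinfile")) pin = new String(Files.readAllBytes(Paths.get(p[1])),
            StandardCharsets.UTF_8).trim().toCharArray();
      } catch (IOException e) { throw new RuntimeException("cannot read pin file", e); }
    }
    if (pin == null) throw new IllegalArgumentException("pin or pinfile parameter required");
    try {
      store = KeyStore.getInstance("PKCS11"); // provider must be registered in java.security
      store.load(null, pin);                  // logs in to the token; no file stream for PKCS#11
    } catch (IOException | GeneralSecurityException e) {
      throw new RuntimeException("cannot open PKCS#11 keystore", e);
    }
  }

  @Override
  public Key getKey(String alias) {
    try { return store.getKey(alias, pin); }  // null when the alias is absent
    catch (GeneralSecurityException e) { throw new RuntimeException("cannot load key " + alias, e); }
  }

  @Override
  public Key[] getKeys(String[] aliases) {
    Key[] keys = new Key[aliases.length];
    for (int i = 0; i < aliases.length; i++) keys[i] = getKey(aliases[i]);
    return keys;
  }
}
```

The PIN file still needs filesystem permissions restricting it to the HBase service user, but an attacker who copies it together with the HFiles gets no key material, only the ability to ask the HSM to unwrap on that host.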
