Uploaded image for project: 'Hadoop Common'
  1. Hadoop Common
  2. HADOOP-9331 Hadoop crypto codec framework and crypto codec implementations
  3. HADOOP-10528

A TokenKeyProvider for a Centralized Key Manager Server (BEE: bee-key-manager)

Add voteVotersWatch issueWatchersLinkCloneUpdate Comment AuthorReplace String in CommentUpdate Comment VisibilityDelete Comments
    XMLWordPrintableJSON

Details

    • Sub-task
    • Status: Patch Available
    • Major
    • Resolution: Unresolved
    • None
    • None
    • security

    Description

      This is a key provider based on HADOOP-9331. HADOOP-9331 has designed a complete Hadoop crypto codec framework, but the key can only be retrieved from a local Java KeyStore file. To the convenience, we design a Centralized Key Manager Server (BEE: bee-key-manager) and user can use this TokenKeyProvider to retrieve keys from the Centralized Key Manager Server. By the way, to secure the key exchange, we leverage HTTPS + SPNego/SASL to protect the key exchange. To the detail design and usage, please refer to https://github.com/trendmicro/BEE.

      Moreover, there are still much more requests about Hadoop Data Encryption (such as provide standalone module, support KMIP...etc.), if anyone has interested in those features, pleas let us know.

      Ps. Because this patch based on HADOOP-9331, please use patch HADOOP-9333, and HADOOP-9332 and before use our patch HADOOP-10528.patch.

      Attachments

        1. HADOOP-10528.patch
          83 kB
          howie yu

        Issue Links

        Activity

          This comment will be Viewable by All Users Viewable by All Users
          Cancel

          People

            Unassigned Unassigned
            howieyu howie yu

            Dates

              Created:
              Updated:

              Slack

                Issue deployment