As with the filesystem API, we need to provide a generic mechanism to support multiple credential storage mechanisms that are potentially from third parties.
We need the ability to eliminate the storage of passwords and secrets in clear text within configuration files or within code.
Toward that end, I propose an API that is configured using a list of URLs of CredentialProviders. The implementation will look for implementations using the ServiceLoader interface and thus support third party libraries.
Two providers will be included in this patch. One using the credentials cache in MapReduce jobs and the other using Java KeyStores from either HDFS or local file system.
A CredShell CLI will also be included in this patch which provides the ability to manage the credentials within the stores.