Create a secret provider (see HADOOP-10791) that is backed by ZooKeeper and can synchronize amongst different servers.
KMS should support signing cookies with zookeeper secret manager
The secrets of auth cookies should not be specified in configuration in clear text
Authentication secret should be random by default and needs to coordinate with HA
Downgrade curator version to 2.4.1