Uploaded image for project: 'Hadoop Common'
  1. Hadoop Common
  2. HADOOP-16120

Lazily allocate KMS delegation tokens

    XMLWordPrintableJSON

    Details

    • Type: Improvement
    • Status: Resolved
    • Priority: Major
    • Resolution: Won't Fix
    • Affects Version/s: 2.8.5, 3.1.2
    • Fix Version/s: None
    • Component/s: kms, security
    • Labels:
      None

      Description

      We noticed that HDFS clients talk to KMS even when they try to access not encrypted databases.. Is there is a way to make HDFS clients to talk to KMS servers only when they need access to encrypted data? Since we will be encrypting only one database (and 50+ other much more critical production databases will not be encrypted), in case if KMS is down for maintenance or for some other reason, we want to limit outage only to encrypted data.

      In other words, it would be great if KMS delegation toekns would be allocated lazily - on first request to encrypted data.

      This could be a non-default option to lazily allocate KMS delegation tokens, to improve availability of non-encrypted data.

       

        Attachments

          Activity

            People

            • Assignee:
              Unassigned
              Reporter:
              Tagar Ruslan Dautkhanov
            • Votes:
              0 Vote for this issue
              Watchers:
              4 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: