Uploaded image for project: 'Hadoop Common'
  1. Hadoop Common
  2. HADOOP-15763 Über-JIRA: abfs phase II: Hadoop 3.3 features & fixes
  3. HADOOP-17536

ABFS: Suport for customer provided encryption key

    XMLWordPrintableJSON

Details

    Description

      The data for a particular customer needs to be encrypted on account level. At server side the APIs will start accepting the encryption key as part of request headers. The data will be encrypted/decrypted with the given key at the server. 

      Since the ABFS FileSystem APIs are implementations for Hadoop FileSystem APIs there is no direct way with which customer can pass the key to ABFS driver. In this case driver should have the following capabilities so that it can accept and pass the encryption key as one of the request headers. 

      1. There should be a way to configure the encryption key for different accounts.
      2. If there is a key specified for a particular account, the same needs to be sent along with the request headers. 

      Config changes 

      They key for an account can be specified in the core-site as follows. 

      fs.azure.account.client-provided-encryption-key.

      {account name}

      .dfs.core.windows.net 

      Attachments

        Issue Links

          links to

          Web Link GitHub Pull Request #2707

          Activity

            People

              bilahari.th Bilahari T H
              bilahari.th Bilahari T H
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved:

                Time Tracking

                  Estimated:
                  Original Estimate - Not Specified
                  Not Specified
                  Remaining:
                  Remaining Estimate - 0h
                  0h
                  Logged:
                  Time Spent - 13h
                  13h