Uploaded image for project: 'HBase'
  1. HBase
  2. HBASE-20898

Improve support for HDFS at-rest encryption

Add voteVotersWatch issueWatchersCreate sub-taskLinkCloneUpdate Comment AuthorReplace String in CommentUpdate Comment VisibilityDelete Comments
    XMLWordPrintableJSON

    Details

    • Type: Umbrella
    • Status: Open
    • Priority: Major
    • Resolution: Unresolved
    • Affects Version/s: 2.0.0
    • Fix Version/s: None
    • Component/s: encryption
    • Labels:
      None
    • Environment:

      HBase 2 on Hadoop 2.6.0+ (HDFS at-rest encryption)

      Description

      • Note * this has nothing to do with HBase's Transparent Encryption of Data At Rest.

      HDFS's at rest encryption is "transparent" in that encrypt/decrypt itself doesn't require client side change. However, in practice, there re a few cases that need to be taken care of. For example, accessing KMS requires KMS delegation tokens. If HBase tools get only HDFS delegation tokens, it would fail to access files in HDFS encryption zone. Cases such as HBASE-20403 suggests in some cases HBase behaves differently in HDFS-encrypted cluster.

      I propose an umbrella jira to revisit the HDFS at-rest encryption support in various HBase subcomponents and tools, add additional tests and enhance the tools as we visit them.

        Attachments

        Issue Links

          Activity

            People

            • Assignee:
              weichiu Wei-Chiu Chuang
              Reporter:
              weichiu Wei-Chiu Chuang

              Dates

              • Created:
                Updated:

                Issue deployment