Details
-
Improvement
-
Status: Open
-
Major
-
Resolution: Unresolved
-
4.0.0
-
None
-
None
Description
This was pointed out by vihangk1 as part of the review for HIVE-20992.
As part of the redaction of the javax.jdo.option.ConnectionPassword and metastore.dbaccess.ssl.truststore.password properties, they both use the Hadoop Credential Provider API to prevent the passwords from being stored in plain text.
However, these are both being read in setConf() in ObjectStore, thereby calling the expensive decrypt during every new database connection initialization despite these values almost never changing.
We should instead move these reads into the PersistenceManagerFactory initPMF() method and cache their values so they are only read once when the HMS starts.