[ https://issues.apache.org/jira/browse/HADOOP-15839?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16645248#comment-16645248 ]
Thomas Marquardt commented on HADOOP-15839:
-------------------------------------------
I am not familiar with hadoop.security.sensitive-config-keys. What does it
do? Seems it would be better to use a key vault. Next best alternative would
be using XML mark-up to identify and encrypt the sensitive keys, for example,
use <secureProperty> instead of <property>.
For ADL, WASB, and ABFS the sensitive keys include those with "oauth" and
"account" in the configuration property names. The regex that you are
currently using does not catch all of them.
> Review + update cloud store sensitive keys in
> hadoop.security.sensitive-config-keys
> -----------------------------------------------------------------------------------
>
> Key: HADOOP-15839
> URL: https://issues.apache.org/jira/browse/HADOOP-15839
> Project: Hadoop Common
> Issue Type: Sub-task
> Components: conf
> Affects Versions: 3.2.0
> Reporter: Steve Loughran
> Assignee: Steve Loughran
> Priority: Major
> Fix For: 3.2.0, 3.1.2
>
> Attachments: HADOOP-15839-001.patch
>
>
> Make sure that {{hadoop.security.sensitive-config-keys}} is up to date with
> all cloud store options, including
> h3. s3a:
> * s3a per-bucket secrets
> * s3a session tokens
> h3. abfs
> * {{fs.azure.account.oauth2.client.secret}}
> h3. adls
> * {{fs.adl.oauth2.credential}}
> * {{fs.adl.oauth2.refresh.token}}
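Added example, not part of the JIRA comment or the attached patch: a small audit that checks a comma-separated pattern list in the style of hadoop.security.sensitive-config-keys against the cloud-store keys named in the issue and reports any that would go unredacted. The pattern list, the bucket name `example`, the helper names and the unanchored-match behaviour are assumptions made for illustration.

```python
import re

# Constructed sample list in the comma-separated style of
# hadoop.security.sensitive-config-keys (an assumption, not the patch's list).
SAMPLE_PATTERNS = ("secret$,password$,fs.s3.*[Ss]ecret.?[Kk]ey,"
                   "fs.azure.account.key.*,credential$,oauth.*token$")

# Secret-bearing keys: those named in the issue plus s3a session-token and
# per-bucket forms (the bucket name "example" is constructed).
SENSITIVE_KEYS = [
    "fs.s3a.secret.key",
    "fs.s3a.session.token",
    "fs.s3a.bucket.example.secret.key",
    "fs.s3a.bucket.example.session.token",
    "fs.azure.account.oauth2.client.secret",
    "fs.adl.oauth2.credential",
    "fs.adl.oauth2.refresh.token",
]

# Keys whose values are not secrets; redacting them hides useful diagnostics.
PLAIN_KEYS = ["fs.s3a.endpoint", "fs.azure.account.oauth2.client.id"]


def compile_patterns(csv):
    """Split the comma-separated value and compile each non-empty regex."""
    return [re.compile(p.strip()) for p in csv.split(",") if p.strip()]


def audit(keys, csv):
    """Map each key to the first pattern that matches it, or None.

    Unanchored search is assumed: a pattern may match anywhere in the
    key name unless it carries its own ^ or $.
    """
    patterns = compile_patterns(csv)
    return {k: next((p.pattern for p in patterns if p.search(k)), None)
            for k in keys}


def uncovered(keys, csv):
    """Sensitive keys that no pattern would redact."""
    return [k for k, hit in audit(keys, csv).items() if hit is None]


def over_redacted(keys, csv):
    """Non-secret keys that some pattern would redact anyway."""
    return [k for k, hit in audit(keys, csv).items() if hit is not None]


if __name__ == "__main__":
    print("missed:", uncovered(SENSITIVE_KEYS, SAMPLE_PATTERNS))
    fixed = SAMPLE_PATTERNS + ",fs.s3a.*session.token$"  # hypothetical addition
    print("missed after fix:", uncovered(SENSITIVE_KEYS, fixed))
    print("over-redacted:", over_redacted(PLAIN_KEYS, fixed))
```

Run the same audit against the pattern list actually deployed and the full set of connector keys in use; a key that appears in `uncovered` is one whose value can show up in logs or configuration dumps.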