[
https://issues.apache.org/jira/browse/HADOOP-10141?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13853993#comment-13853993
]
Hudson commented on HADOOP-10141:
---------------------------------
SUCCESS: Integrated in Hadoop-Hdfs-trunk #1618 (See
[https://builds.apache.org/job/Hadoop-Hdfs-trunk/1618/])
HADOOP-10141. Create KeyProvider API to separate encryption key storage
from the applications. (omalley) (omalley:
http://svn.apache.org/viewcvs.cgi/?root=Apache-SVN&view=rev&rev=1552462)
* /hadoop/common/trunk/hadoop-common-project/hadoop-common/CHANGES.txt
* /hadoop/common/trunk/hadoop-common-project/hadoop-common/pom.xml
*
/hadoop/common/trunk/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/crypto
*
/hadoop/common/trunk/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/crypto/key
*
/hadoop/common/trunk/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/crypto/key/JavaKeyStoreProvider.java
*
/hadoop/common/trunk/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/crypto/key/KeyProvider.java
*
/hadoop/common/trunk/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/crypto/key/KeyProviderFactory.java
*
/hadoop/common/trunk/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/crypto/key/UserProvider.java
*
/hadoop/common/trunk/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/Credentials.java
*
/hadoop/common/trunk/hadoop-common-project/hadoop-common/src/main/resources/META-INF/services/org.apache.hadoop.crypto.key.KeyProviderFactory
*
/hadoop/common/trunk/hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/crypto
*
/hadoop/common/trunk/hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/crypto/key
*
/hadoop/common/trunk/hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/crypto/key/TestKeyProvider.java
*
/hadoop/common/trunk/hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/crypto/key/TestKeyProviderFactory.java
* /hadoop/common/trunk/hadoop-project/pom.xml
> Create an API to separate encryption key storage from applications
> ------------------------------------------------------------------
>
> Key: HADOOP-10141
> URL: https://issues.apache.org/jira/browse/HADOOP-10141
> Project: Hadoop Common
> Issue Type: Bug
> Components: security
> Reporter: Owen O'Malley
> Assignee: Owen O'Malley
> Fix For: 3.0.0
>
> Attachments: h-10141.patch, hadoop-10141.patch, hadoop-10141.patch,
> hadoop-10141.patch
>
>
> As with the filesystem API, we need to provide a generic mechanism to support
> multiple key storage mechanisms that are potentially from third parties.
> An additional requirement for long term data lakes is to keep multiple
> versions of each key so that keys can be rolled periodically without
> requiring the entire data set to be re-written. Rolling keys provides
> containment in the event of keys being leaked.
> Toward that end, I propose an API that is configured using a list of URLs of
> KeyProviders. The implementation will look for implementations using the
> ServiceLoader interface and thus support third party libraries.
> Two providers will be included in this patch. One using the credentials cache
> in MapReduce jobs and the other using Java KeyStores from either HDFS or
> local file system.
--
This message was sent by Atlassian JIRA
(v6.1.4#6159)
