If we encrypt the password in the configuration file, where will we store the key to decrypt it?
Protect the configuration file with restrictive file permissions. Or, you can specify a separate file that contains the keystore password (... ?passwordFile=...) and protect that file with restrictive filesystem permissions. On Fri, Jul 25, 2014 at 1:19 AM, Nijel s f <[email protected]> wrote: > Hi, > > To Configure encryption for Hfile and WAL file the following configuration > is used. > > <property> > <name>hbase.crypto.keyprovider.parameters</name> > > <value>jceks:///path/to/hbase/conf/hbase.jks?password=<password></value> > </property> > > Here the password is plain text. > > It is common practice to encrypt the password in configuration files. > > Is there any option to do this in HBase ? > If not is it possible to take as an improvement ? > > > Regards > Nijel > -- Best regards, - Andy Problems worthy of attack prove their worth by hitting back. - Piet Hein (via Tom White)
