To add to Andrew's respons and to this specific part of the question: "It is common practice to encrypt the password in configuration files." I will say yes. Sqoop also is doing the same. You can specify a file where the password is stored, and then protect this file, using --password-file. At some point, this need to be stored somewhere, expect if you use some specific external framework to manage that.
2014-07-25 16:54 GMT-04:00 Andrew Purtell <[email protected]>: > If we encrypt the password in the configuration file, where will we store > the key to decrypt it? > > Protect the configuration file with restrictive file permissions. Or, you > can specify a separate file that contains the keystore password (... > ?passwordFile=...) and protect that file with restrictive filesystem > permissions. > > > On Fri, Jul 25, 2014 at 1:19 AM, Nijel s f <[email protected]> wrote: > > > Hi, > > > > To Configure encryption for Hfile and WAL file the following > configuration > > is used. > > > > <property> > > <name>hbase.crypto.keyprovider.parameters</name> > > > > <value>jceks:///path/to/hbase/conf/hbase.jks?password=<password></value> > > </property> > > > > Here the password is plain text. > > > > It is common practice to encrypt the password in configuration files. > > > > Is there any option to do this in HBase ? > > If not is it possible to take as an improvement ? > > > > > > Regards > > Nijel > > > > > > -- > Best regards, > > - Andy > > Problems worthy of attack prove their worth by hitting back. - Piet Hein > (via Tom White) >
