You really do not need to talk to the KMS directly from the MR code.. The MR framework and the DFSClient will automatically decrypt for you when the mappers are reading a file (one of the reasons why this is called "transparent" data encryption). Similarly, files that are written to an output directory will be encrypted with the required key (if the output directory is contained within an encryption zone).
But ofcourse, there is nothing stopping you from talking to the KMS directly from java code (using the KMSClientProvider). But most KMS deployments would restrict create key operations etc. for non-admin users. On Thu, Jun 18, 2015 at 6:56 PM, Sitaraman Vilayannur < vrsitaramanietfli...@gmail.com> wrote: > Hi, > > Using the key management system will i be able to store a set of keys > in my keystore and then retrieve those keys later based on their aliases > from within the map/reduce phase to do my encyrption/decryption activities > from map reduce? > > Thanks > > Sitaraman >