You really do not need to talk to the KMS directly from the MR code.. The
MR framework and the DFSClient will automatically decrypt for you when the
mappers are reading a file (one of the reasons why this is called
"transparent" data encryption). Similarly, files that are written to an
output directory will be encrypted with the required key (if the output
directory is contained within an encryption zone).

But ofcourse, there is nothing stopping you from talking to the KMS
directly from java code (using the KMSClientProvider). But most KMS
deployments would restrict create key operations etc. for non-admin users.

On Thu, Jun 18, 2015 at 6:56 PM, Sitaraman Vilayannur <
vrsitaramanietfli...@gmail.com> wrote:

> Hi,
>
>   Using the key management system  will i be able to store  a set of keys
> in my keystore and then retrieve those keys later based on their aliases
> from within the map/reduce phase to do my encyrption/decryption activities
> from map reduce?
>
> Thanks
>
> Sitaraman
>

Reply via email to