Thanks for the info Arun. I asked this question for a custom application of mine wherein i need to retrieve the key from MapReduce code. Is there a way that i can replicate my keyprovider across the data nodes and then access the local key provider from MR code at each data node? If so what method would be recommended to do this. Sitaraman
On Fri, Jun 19, 2015 at 11:56 AM, Arun Suresh <asur...@apache.org> wrote: > You really do not need to talk to the KMS directly from the MR code.. The > MR framework and the DFSClient will automatically decrypt for you when the > mappers are reading a file (one of the reasons why this is called > "transparent" data encryption). Similarly, files that are written to an > output directory will be encrypted with the required key (if the output > directory is contained within an encryption zone). > > But ofcourse, there is nothing stopping you from talking to the KMS > directly from java code (using the KMSClientProvider). But most KMS > deployments would restrict create key operations etc. for non-admin users. > > On Thu, Jun 18, 2015 at 6:56 PM, Sitaraman Vilayannur < > vrsitaramanietfli...@gmail.com> wrote: > > > Hi, > > > > Using the key management system will i be able to store a set of keys > > in my keystore and then retrieve those keys later based on their aliases > > from within the map/reduce phase to do my encyrption/decryption > activities > > from map reduce? > > > > Thanks > > > > Sitaraman > > >
