[
https://issues.apache.org/jira/browse/KUDU-3373?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17545659#comment-17545659
]
ASF subversion and git services commented on KUDU-3373:
-------------------------------------------------------
Commit abe2a73cdbe6438e34f825594d66aec53a329840 in kudu's branch
refs/heads/master from Attila Bukor
[ https://gitbox.apache.org/repos/asf?p=kudu.git;h=abe2a73cd ]
KUDU-3373 Key provider interface
Kudu's server keys need to be encrypted on the servers, otherwise its
broken, as an attacker who can access Kudu's disks, can easily steal the
server keys used to encrypt the file keys. The cluster key, which will
be used to encrypt/decrypt the server keys, will live outside the
cluster. This commit introduces a key provider interface to
encrypt/decrypt server keys, with a reference (test-only) implementation
which uses memfrob() (a GNU C function that XORs an array with 42). A
follow-up commit will introduce a production-ready implementation that
uses Apache Ranger KMS to provide the keys.
Change-Id: Ie6ccc05fb991f0fd5cbcd8a49f5b23286d1094ac
Reviewed-on: http://gerrit.cloudera.org:8080/18568
Reviewed-by: Alexey Serbin <[email protected]>
Tested-by: Attila Bukor <[email protected]>
Reviewed-by: Zoltan Chovan <[email protected]>
> Key provider interface with a default (test-only) implementation
> ----------------------------------------------------------------
>
> Key: KUDU-3373
> URL: https://issues.apache.org/jira/browse/KUDU-3373
> Project: Kudu
> Issue Type: Sub-task
> Reporter: Attila Bukor
> Assignee: Attila Bukor
> Priority: Major
>
--
This message was sent by Atlassian Jira
(v8.20.7#820007)
