[GitHub] [ozone] duongkame commented on a diff in pull request #4194: HDDS-7734. Implement symmetric SecretKeys lifescycle management in SCM

Thu, 02 Feb 2023 13:49:11 -0800 


duongkame commented on code in PR #4194:
URL: https://github.com/apache/ozone/pull/4194#discussion_r1095118376


##########
hadoop-hdds/common/src/main/resources/ozone-default.xml:
##########
@@ -3523,4 +3523,49 @@
       Interval in MINUTES by Recon to request SCM DB Snapshot.
     </description>
   </property>
+  <property>
+    <name>hdds.secret.key.file.name</name>
+    <value>secret_keys.json</value>
+    <tag>SCM, SECURITY</tag>
+    <description>
+      Name of file which stores symmetric secret keys for token signatures.
+    </description>
+  </property>
+  <property>
+    <name>hdds.secret.key.expiry.duration</name>
+    <value>P7D</value>
+    <tag>SCM, SECURITY</tag>
+    <description>
+      The duration for which symmetric secret keys issued by SCM are valid.
+      The formats accepted are based on the ISO-8601 duration format 
PnDTnHnMn.nS
+    </description>
+  </property>
+  <property>
+    <name>hdds.secret.key.rotate.duration</name>
+    <value>P1D</value>
+    <tag>SCM, SECURITY</tag>
+    <description>
+      The duration that SCM periodically generate a new symmetric secret keys.
+      The formats accepted are based on the ISO-8601 duration format 
PnDTnHnMn.nS
+    </description>
+  </property>
+  <property>
+    <name>hdds.secret.key.rotate.check.duration</name>
+    <value>PT10M</value>
+    <tag>SCM, SECURITY</tag>
+    <description>
+      The duration that SCM periodically checks if it's time to generate new 
symmetric secret keys.
+      This must be smaller than hdds.secret.key.rotate.duration.
+      The formats accepted are based on the ISO-8601 duration format 
PnDTnHnMn.nS
+    </description>
+  </property>
+  <property>
+    <name>hdds.secret.key.algorithm</name>
+    <value>HmacSHA256</value>
+    <tag>SCM, SECURITY</tag>
+    <description>
+      The algorithm that SCM uses to generate symmetric secret keys.
+      The formats accepted are based on the ISO-8601 duration format 
PnDTnHnMn.nS

Review Comment:
   It's updated.



-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: [email protected]

For queries about this service, please contact Infrastructure at:
[email protected]


---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Reply via email to