[jira] [Updated] (DRILL-6662) Access AWS access key ID and secret access key using Credential Provider API for S3 storage plugin
[ https://issues.apache.org/jira/browse/DRILL-6662?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Bridget Bevens updated DRILL-6662: -- Labels: doc-complete ready-to-commit (was: doc-impacting ready-to-commit) > Access AWS access key ID and secret access key using Credential Provider API > for S3 storage plugin > -- > > Key: DRILL-6662 > URL: https://issues.apache.org/jira/browse/DRILL-6662 > Project: Apache Drill > Issue Type: Improvement >Reporter: Bohdan Kazydub >Assignee: Bohdan Kazydub >Priority: Major > Labels: doc-complete, ready-to-commit > Fix For: 1.15.0 > > > Hadoop provides [CredentialProvider > API|[https://hadoop.apache.org/docs/stable/hadoop-project-dist/hadoop-common/CredentialProviderAPI.html]] > which allows passwords and other sensitive secrets to be stored in an > external provider rather than in configuration files in plaintext. > Currently S3 storage plugin is accessing passwords, namely > 'fs.s3a.access.key' and 'fs.s3a.secret.key', stored in clear text in > Configuration with get() method. To give users an ability to remove clear > text passwords for S3 from configuration files Configuration.getPassword() > method should be used, given they configure > 'hadoop.security.credential.provider.path' property which points to a file > containing encrypted passwords instead of configuring two aforementioned > properties. > By using this approach, credential providers will be checked first and if the > secret is not provided or providers are not configured there will be a > fallback to secrets configured in clear text (unless > 'hadoop.security.credential.clear-text-fallback' is configured to be > "false"), thus making new change backwards-compatible. -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Updated] (DRILL-6662) Access AWS access key ID and secret access key using Credential Provider API for S3 storage plugin
[ https://issues.apache.org/jira/browse/DRILL-6662?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Arina Ielchiieva updated DRILL-6662: Labels: doc-impacting ready-to-commit (was: doc-impacting) > Access AWS access key ID and secret access key using Credential Provider API > for S3 storage plugin > -- > > Key: DRILL-6662 > URL: https://issues.apache.org/jira/browse/DRILL-6662 > Project: Apache Drill > Issue Type: Improvement >Reporter: Bohdan Kazydub >Assignee: Bohdan Kazydub >Priority: Major > Labels: doc-impacting, ready-to-commit > Fix For: 1.15.0 > > > Hadoop provides [CredentialProvider > API|[https://hadoop.apache.org/docs/stable/hadoop-project-dist/hadoop-common/CredentialProviderAPI.html]] > which allows passwords and other sensitive secrets to be stored in an > external provider rather than in configuration files in plaintext. > Currently S3 storage plugin is accessing passwords, namely > 'fs.s3a.access.key' and 'fs.s3a.secret.key', stored in clear text in > Configuration with get() method. To give users an ability to remove clear > text passwords for S3 from configuration files Configuration.getPassword() > method should be used, given they configure > 'hadoop.security.credential.provider.path' property which points to a file > containing encrypted passwords instead of configuring two aforementioned > properties. > By using this approach, credential providers will be checked first and if the > secret is not provided or providers are not configured there will be a > fallback to secrets configured in clear text (unless > 'hadoop.security.credential.clear-text-fallback' is configured to be > "false"), thus making new change backwards-compatible. -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Updated] (DRILL-6662) Access AWS access key ID and secret access key using Credential Provider API for S3 storage plugin
[ https://issues.apache.org/jira/browse/DRILL-6662?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Arina Ielchiieva updated DRILL-6662: Labels: doc-impacting (was: ) > Access AWS access key ID and secret access key using Credential Provider API > for S3 storage plugin > -- > > Key: DRILL-6662 > URL: https://issues.apache.org/jira/browse/DRILL-6662 > Project: Apache Drill > Issue Type: Improvement >Reporter: Bohdan Kazydub >Assignee: Bohdan Kazydub >Priority: Major > Labels: doc-impacting > Fix For: 1.15.0 > > > Hadoop provides [CredentialProvider > API|[https://hadoop.apache.org/docs/stable/hadoop-project-dist/hadoop-common/CredentialProviderAPI.html]] > which allows passwords and other sensitive secrets to be stored in an > external provider rather than in configuration files in plaintext. > Currently S3 storage plugin is accessing passwords, namely > 'fs.s3a.access.key' and 'fs.s3a.secret.key', stored in clear text in > Configuration with get() method. To give users an ability to remove clear > text passwords for S3 from configuration files Configuration.getPassword() > method should be used, given they configure > 'hadoop.security.credential.provider.path' property which points to a file > containing encrypted passwords instead of configuring two aforementioned > properties. > By using this approach, credential providers will be checked first and if the > secret is not provided or providers are not configured there will be a > fallback to secrets configured in clear text (unless > 'hadoop.security.credential.clear-text-fallback' is configured to be > "false"), thus making new change backwards-compatible. -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Updated] (DRILL-6662) Access AWS access key ID and secret access key using Credential Provider API for S3 storage plugin
[ https://issues.apache.org/jira/browse/DRILL-6662?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Arina Ielchiieva updated DRILL-6662: Fix Version/s: 1.15.0 > Access AWS access key ID and secret access key using Credential Provider API > for S3 storage plugin > -- > > Key: DRILL-6662 > URL: https://issues.apache.org/jira/browse/DRILL-6662 > Project: Apache Drill > Issue Type: Improvement >Reporter: Bohdan Kazydub >Assignee: Bohdan Kazydub >Priority: Major > Fix For: 1.15.0 > > > Hadoop provides [CredentialProvider > API|[https://hadoop.apache.org/docs/stable/hadoop-project-dist/hadoop-common/CredentialProviderAPI.html]] > which allows passwords and other sensitive secrets to be stored in an > external provider rather than in configuration files in plaintext. > Currently S3 storage plugin is accessing passwords, namely > 'fs.s3a.access.key' and 'fs.s3a.secret.key', stored in clear text in > Configuration with get() method. To give users an ability to remove clear > text passwords for S3 from configuration files Configuration.getPassword() > method should be used, given they configure > 'hadoop.security.credential.provider.path' property which points to a file > containing encrypted passwords instead of configuring two aforementioned > properties. > By using this approach, credential providers will be checked first and if the > secret is not provided or providers are not configured there will be a > fallback to secrets configured in clear text (unless > 'hadoop.security.credential.clear-text-fallback' is configured to be > "false"), thus making new change backwards-compatible. -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Updated] (DRILL-6662) Access AWS access key ID and secret access key using Credential Provider API for S3 storage plugin
[ https://issues.apache.org/jira/browse/DRILL-6662?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Pritesh Maker updated DRILL-6662: - Reviewer: Arina Ielchiieva > Access AWS access key ID and secret access key using Credential Provider API > for S3 storage plugin > -- > > Key: DRILL-6662 > URL: https://issues.apache.org/jira/browse/DRILL-6662 > Project: Apache Drill > Issue Type: Improvement >Reporter: Bohdan Kazydub >Assignee: Bohdan Kazydub >Priority: Major > > Hadoop provides [CredentialProvider > API|[https://hadoop.apache.org/docs/stable/hadoop-project-dist/hadoop-common/CredentialProviderAPI.html]] > which allows passwords and other sensitive secrets to be stored in an > external provider rather than in configuration files in plaintext. > Currently S3 storage plugin is accessing passwords, namely > 'fs.s3a.access.key' and 'fs.s3a.secret.key', stored in clear text in > Configuration with get() method. To give users an ability to remove clear > text passwords for S3 from configuration files Configuration.getPassword() > method should be used, given they configure > 'hadoop.security.credential.provider.path' property which points to a file > containing encrypted passwords instead of configuring two aforementioned > properties. > By using this approach, credential providers will be checked first and if the > secret is not provided or providers are not configured there will be a > fallback to secrets configured in clear text (unless > 'hadoop.security.credential.clear-text-fallback' is configured to be > "false"), thus making new change backwards-compatible. -- This message was sent by Atlassian JIRA (v7.6.3#76005)
