Hi all, Currently, to access S3A filesystem, `fs.s3a.secret.key` and `fs.s3a.access.key` properties should be configured either in S3 Storage Plugin or in core-site.xml in plaintext. This approach is considered unsecure. To eliminate a need to store passwords in plaintext, CredentialProvider API [1] may be used to extract secret keys from encrypted store.
Here is a document with implementation details: https://docs.google.com/document/d/1ow4v5HOh0qJh-5KsZHqSjohM2ukGSayEd9360tHZZvo/edit# . And here is an open issue for the improvement: https://issues.apache.org/jira/browse/DRILL-6662 Any thoughts? [1] https://hadoop.apache.org/docs/stable/hadoop-project-dist/hadoop-common/CredentialProviderAPI.html Kind regards, Bohdan
