Vijay Singh created YARN-4094:

             Summary: Add Configration to support encryption of Distributed 
Cache Data
                 Key: YARN-4094
             Project: Hadoop YARN
          Issue Type: Bug
          Components: documentation
    Affects Versions: 2.7.0, 2.6.0
            Reporter: Vijay Singh
             Fix For: 2.7.2

Currently Ditributed cache does not allow mechanism to encrypt the data that 
gets copied over during processing. One attack vector is to process small files 
that contain sensitive data to use this mechanism to access contents of small 
This requests aims to counter that by providing for configuration at service 
level that lets yarn encrypt all the data that gets to cache on each node. Yarn 
components should encrypt while copying the data on to disk and decrypt during 
the processing. Lets start by leveraging the symmetric key mechanism used by 
HDFS transparent mechanism similar to DEK (Data Encryption key) that could be 
generated as part of the process.
Next step could be to setup Encryption zone key similar to transperent 
encryption mechanism.
Please suggest if there is a better way.

This message was sent by Atlassian JIRA

Reply via email to