[
https://issues.apache.org/jira/browse/YARN-4094?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Allen Wittenauer updated YARN-4094:
-----------------------------------
Target Version/s: (was: 2.6.0, 2.7.1)
> Add Configration to support encryption of Distributed Cache Data
> ----------------------------------------------------------------
>
> Key: YARN-4094
> URL: https://issues.apache.org/jira/browse/YARN-4094
> Project: Hadoop YARN
> Issue Type: Bug
> Components: documentation
> Affects Versions: 2.6.0, 2.7.0
> Reporter: Vijay Singh
>
> Currently Ditributed cache does not allow mechanism to encrypt the data that
> gets copied over during processing. One attack vector is to process small
> files that contain sensitive data to use this mechanism to access contents of
> small files.
> This requests aims to counter that by providing for configuration at service
> level that lets yarn encrypt all the data that gets to cache on each node.
> Yarn components should encrypt while copying the data on to disk and decrypt
> during the processing. Lets start by leveraging the symmetric key mechanism
> used by HDFS transparent mechanism similar to DEK (Data Encryption key) that
> could be generated as part of the process.
> Next step could be to setup Encryption zone key similar to transperent
> encryption mechanism.
> Please suggest if there is a better way.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
