[ https://issues.apache.org/jira/browse/YARN-4094?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Vijay Singh updated YARN-4094: ------------------------------ Component/s: yarn > Add Configration to support encryption of Distributed Cache Data > ---------------------------------------------------------------- > > Key: YARN-4094 > URL: https://issues.apache.org/jira/browse/YARN-4094 > Project: Hadoop YARN > Issue Type: Bug > Components: documentation, yarn > Affects Versions: 2.6.0, 2.7.0 > Reporter: Vijay Singh > > Currently Ditributed cache does not allow mechanism to encrypt the data that > gets copied over during processing. One attack vector is to process small > files that contain sensitive data to use this mechanism to access contents of > small files. > This requests aims to counter that by providing for configuration at service > level that lets yarn encrypt all the data that gets to cache on each node. > Yarn components should encrypt while copying the data on to disk and decrypt > during the processing. Lets start by leveraging the symmetric key mechanism > used by HDFS transparent mechanism similar to DEK (Data Encryption key) that > could be generated as part of the process. > Next step could be to setup Encryption zone key similar to transperent > encryption mechanism. > Please suggest if there is a better way. -- This message was sent by Atlassian JIRA (v6.3.4#6332)