You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@hbase.apache.org by "Wei-Chiu Chuang (JIRA)" <ji...@apache.org> on 2018/07/17 00:39:00 UTC
[jira] [Created] (HBASE-20898) Improve support for HDFS at-rest
encryption
Wei-Chiu Chuang created HBASE-20898:
---------------------------------------
Summary: Improve support for HDFS at-rest encryption
Key: HBASE-20898
URL: https://issues.apache.org/jira/browse/HBASE-20898
Project: HBase
Issue Type: Umbrella
Components: encryption
Affects Versions: 2.0.0
Environment: HBase 2 on Hadoop 2.6.0+ (HDFS at-rest encryption)
Reporter: Wei-Chiu Chuang
Assignee: Wei-Chiu Chuang
* Note * this has nothing to do with HBase's Transparent Encryption of Data At Rest.
HDFS's at rest encryption is "transparent" in that encrypt/decrypt itself doesn't require client side change. However, in practice, there re a few cases that need to be taken care of. For example, accessing KMS requires KMS delegation tokens. If HBase tools get only HDFS delegation tokens, it would fail to access files in HDFS encryption zone. Cases such as HBASE-20403 suggests in some cases HBase behaves differently in HDFS-encrypted cluster.
I propose an umbrella jira to revisit the HDFS at-rest encryption support in various HBase subcomponents and tools, add additional tests and enhance the tools as we visit them.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)