You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@hbase.apache.org by "Wei-Chiu Chuang (JIRA)" <ji...@apache.org> on 2018/07/17 00:39:00 UTC

[jira] [Created] (HBASE-20898) Improve support for HDFS at-rest encryption

Wei-Chiu Chuang created HBASE-20898:
---------------------------------------

             Summary: Improve support for HDFS at-rest encryption
                 Key: HBASE-20898
                 URL: https://issues.apache.org/jira/browse/HBASE-20898
             Project: HBase
          Issue Type: Umbrella
          Components: encryption
    Affects Versions: 2.0.0
         Environment: HBase 2 on Hadoop 2.6.0+ (HDFS at-rest encryption)
            Reporter: Wei-Chiu Chuang
            Assignee: Wei-Chiu Chuang


* Note * this has nothing to do with HBase's Transparent Encryption of Data At Rest.

HDFS's at rest encryption is "transparent" in that encrypt/decrypt itself doesn't require client side change. However, in practice, there re a few cases that need to be taken care of. For example, accessing KMS requires KMS delegation tokens. If HBase tools get only HDFS delegation tokens, it would fail to access files in HDFS encryption zone. Cases such as HBASE-20403 suggests in some cases HBase behaves differently in HDFS-encrypted cluster.

I propose an umbrella jira to revisit the HDFS at-rest encryption support in various HBase subcomponents and tools, add additional tests and enhance the tools as we visit them.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)