You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@spark.apache.org by "Brahma Reddy Battula (Jira)" <ji...@apache.org> on 2022/12/20 18:34:00 UTC
[jira] [Commented] (SPARK-24518) Using Hadoop credential provider API to store password
[ https://issues.apache.org/jira/browse/SPARK-24518?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17649927#comment-17649927 ]
Brahma Reddy Battula commented on SPARK-24518:
----------------------------------------------
{quote}Hadoop credential provider API support storing password in a secure way, in which Spark could read it in a secure way, so here propose to add support of using credential provider API to get password.
{quote}
One query on this.We've hive-jceks file which is used by hive. Spark will load hive-site.xml there provioder file permissions are 640 and its fail.
Password should be stored in jceks file which needs to have read access for all..? and can spark overide this config.?
> Using Hadoop credential provider API to store password
> ------------------------------------------------------
>
> Key: SPARK-24518
> URL: https://issues.apache.org/jira/browse/SPARK-24518
> Project: Spark
> Issue Type: Improvement
> Components: Spark Core
> Affects Versions: 2.3.0
> Reporter: Saisai Shao
> Assignee: Saisai Shao
> Priority: Minor
> Fix For: 2.4.0
>
>
> Current Spark configs password in a plaintext way, like putting in the configuration file or adding as a launch arguments, sometimes such configurations like SSL password is configured by cluster admin, which should not be seen by user, but now this passwords are world readable to all the users.
> Hadoop credential provider API support storing password in a secure way, in which Spark could read it in a secure way, so here propose to add support of using credential provider API to get password.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscribe@spark.apache.org
For additional commands, e-mail: issues-help@spark.apache.org