You are viewing a plain text version of this content. The canonical link for it is here.
Posted to common-dev@hadoop.apache.org by "Ruslan Dautkhanov (JIRA)" <ji...@apache.org> on 2019/02/19 04:37:00 UTC
[jira] [Created] (HADOOP-16120) Lazily allocate KMS delegation
tokens
Ruslan Dautkhanov created HADOOP-16120:
------------------------------------------
Summary: Lazily allocate KMS delegation tokens
Key: HADOOP-16120
URL: https://issues.apache.org/jira/browse/HADOOP-16120
Project: Hadoop Common
Issue Type: Improvement
Components: kms, security
Affects Versions: 3.1.2, 2.8.5
Reporter: Ruslan Dautkhanov
We noticed that HDFS clients talk to KMS even when they try to access not encrypted databases.. Is there is a way to make HDFS clients to talk to KMS servers *only* when they need access to encrypted data? Since we will be encrypting only one database (and 50 other databases will not be encrypted), in case if KMS is down for maintenance or for some other reason, we want to limit outage only to encrypted data.
In other words, it would be great if KMS delegation toekns would be allocated lazily - on first request to encrypted data.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
---------------------------------------------------------------------
To unsubscribe, e-mail: common-dev-unsubscribe@hadoop.apache.org
For additional commands, e-mail: common-dev-help@hadoop.apache.org