[
https://issues.apache.org/jira/browse/FALCON-1919?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Ying Zheng updated FALCON-1919:
-------------------------------
Description:
Sensitive data, e.g. SSL keystore password, SMTP user name and password, Azure
service bus SAS key, ActiveMQ server password, etc., are stored as plain text
in startup.properties. This JIRA is to provide the user an option to store
these sensitive data with Hadoop credential provider for better security.
The property key of the alias to be resolved through Hadoop credential provider
should have the format: hadoop.security.alias.[property-key]. For example, if
the alias name for keystore password is "keystorepwd", the user should add
"hadoop.security.alias.keystore.password=keystorepwd" in startup.properties.
The user can specify the provider path with property key
"hadoop.security.credential.provider.path". Falcon will use the default
provider path in core-site.xml if not specified in startup.properties.
Note that Falcon will only try to resolve alias if the property value is not
set directly in startup.properties.
was:
Sensitive data, e.g. SSL keystore password, SMTP user name and password, Azure
service bus SAS key, ActiveMQ server password, etc., are stored as plain text
in startup.properties. This JIRA is to provide the user an option to store
these sensitive data with Hadoop credential provider for better security.
The property key of the alias to be resolved through Hadoop credential provider
should have the format: *.hadoop.security.alias.[property-key]. For example, if
the alias name for keystore password is "keystorepwd", the user should add
"*.hadoop.security.alias.keystore.password=keystorepwd" in startup.properties.
The user can specify the provider path with property key
"*.hadoop.security.credential.provider.path". Falcon will use the default
provider path in core-site.xml if not specified in startup.properties.
Note that Falcon will only try to resolve alias if the property value is not
set directly in startup.properties.
> Provide user the option to store sensitive information with Hadoop credential
> provider
> --------------------------------------------------------------------------------------
>
> Key: FALCON-1919
> URL: https://issues.apache.org/jira/browse/FALCON-1919
> Project: Falcon
> Issue Type: Improvement
> Reporter: Ying Zheng
> Assignee: Ying Zheng
>
> Sensitive data, e.g. SSL keystore password, SMTP user name and password,
> Azure service bus SAS key, ActiveMQ server password, etc., are stored as
> plain text in startup.properties. This JIRA is to provide the user an option
> to store these sensitive data with Hadoop credential provider for better
> security.
> The property key of the alias to be resolved through Hadoop credential
> provider should have the format: hadoop.security.alias.[property-key]. For
> example, if the alias name for keystore password is "keystorepwd", the user
> should add "hadoop.security.alias.keystore.password=keystorepwd" in
> startup.properties.
> The user can specify the provider path with property key
> "hadoop.security.credential.provider.path". Falcon will use the default
> provider path in core-site.xml if not specified in startup.properties.
> Note that Falcon will only try to resolve alias if the property value is not
> set directly in startup.properties.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
