Github user vanzin commented on a diff in the pull request: https://github.com/apache/spark/pull/21548#discussion_r196976257 --- Diff: docs/security.md --- @@ -446,6 +446,18 @@ replaced with one of the above namespaces. </tr> </table> +Spark also supports retrieving `${ns}.keyPassword`, `${ns}.keyStorePassword` and `${ns}.trustStorePassword` from +[Hadoop Credential Providers](https://hadoop.apache.org/docs/current/hadoop-project-dist/hadoop-common/CredentialProviderAPI.html). +User could store password into credential file and make it accessible by different components, like: + +``` +hadoop credential create spark.ssl.keyPassword -value password \ + -provider jceks://h...@nn1.example.com:9001/user/backup/ssl.jceks +``` + +In the meantime, adding configuration "hadoop.security.credential.provider.path=jceks://h...@nn1.example.com:9001/user/backup/ssl.jceks" --- End diff -- Rephrase: "To configure the location of the credential provider, set the `hadoop.security.credential.provider.path` config option in the Hadoop configuration used by Spark." Your example also kinda looks like a Spark config (which would be "spark.hadoop.blah"), since Hadoop configs are generally in XML.
--- --------------------------------------------------------------------- To unsubscribe, e-mail: reviews-unsubscr...@spark.apache.org For additional commands, e-mail: reviews-h...@spark.apache.org