drill-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Bohdan Kazydub <bohdan.kazy...@gmail.com>
Subject [DISCUSS] Add Hadoop Credentials API support for Drill S3 storage plugin
Date Thu, 02 Aug 2018 18:24:35 GMT
Hi all,

Currently, to access S3A filesystem, `fs.s3a.secret.key` and
`fs.s3a.access.key` properties should be configured either in S3 Storage
Plugin or in core-site.xml in plaintext. This approach is considered
unsecure. To eliminate a need to store passwords in plaintext,
CredentialProvider API [1] may be used to extract secret keys from
encrypted store.

Here is a document with implementation details:
https://docs.google.com/document/d/1ow4v5HOh0qJh-5KsZHqSjohM2ukGSayEd9360tHZZvo/edit#
.
And here is an open issue for the improvement:
https://issues.apache.org/jira/browse/DRILL-6662

Any thoughts?

[1]
https://hadoop.apache.org/docs/stable/hadoop-project-dist/hadoop-common/CredentialProviderAPI.html

Kind regards,
Bohdan

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message