Setting up the secure store

There are a couple of providers that implement the SecureStore and SecureStoreManager interfaces

...

To pick the provider, set the following property. The value can be either "kms" for the Hadoop KMS based provider or "file" for the Java JCEKS based provider, both without quotes.

<property>
<name>security.store.provider</name>
<value>kms</value>
<description>
Backend provider for the secure store
</description>
</property>

 

If the cluster is set to use Kerberos for authentication, then etc/hadoop/kms-acls.xml needs to be updated to include users with appropriate permissions. For more details on how to edit that file, see the Hadoop Key Management Server documentation.

...

If the JCEKS based provider is selected, the path and the filename of the backing file can be configured using 


<property>
<name>security.store.file.path</name>
<value>${local.data.dir}/store</value>
<description>
Location of the encrypted file which holds the secure store entries
</description>
</property>

 

and 

<property>
<name>security.store.file.name</name>
<value>securestore</value>
<description>
Name of the secure store file
</description>
</property>
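
A pre-deployment check of the three properties above, as an added example that is not part of the original page or the project's code: it rejects a quoted or unknown provider value, resolves the ${local.data.dir} reference, and reports the full path of the JCEKS backing file. The <configuration> root element, the local.data.dir value, the function names, and the file-permission check are assumptions made for this example.

```python
import os
import re
import stat
import xml.etree.ElementTree as ET

# Constructed sample: the page's three properties plus an assumed local.data.dir,
# inside a Hadoop-style <configuration> root (the root element is an assumption).
SAMPLE = """<configuration>
  <property><name>local.data.dir</name><value>/var/lib/app/data</value></property>
  <property><name>security.store.provider</name><value>"file"</value></property>
  <property><name>security.store.file.path</name><value>${local.data.dir}/store</value></property>
  <property><name>security.store.file.name</name><value>securestore</value></property>
</configuration>"""


def load_properties(xml_text):
    """Return {name: value} for every <property> element."""
    root = ET.fromstring(xml_text)
    return {p.findtext("name", "").strip(): p.findtext("value", "").strip()
            for p in root.iter("property")}


def expand(value, props):
    """Resolve ${other.property} references against the same file."""
    return re.sub(r"\$\{([^}]+)\}", lambda m: props.get(m.group(1), m.group(0)), value)


def check_secure_store(xml_text):
    """Return (provider, backing_file_or_None, problems)."""
    props = load_properties(xml_text)
    problems = []
    raw = props.get("security.store.provider", "")
    provider = raw.strip("\"'")
    if raw != provider:
        problems.append("provider value is quoted; write it without quotes")
    if provider not in ("kms", "file"):
        problems.append(f"unknown provider {provider!r}; expected kms or file")
    if provider != "file":
        return provider, None, problems
    directory = expand(props.get("security.store.file.path", ""), props)
    name = props.get("security.store.file.name", "")
    if not directory or not name or "${" in directory:
        problems.append("file provider needs a resolvable path and a file name")
        return provider, None, problems
    backing = os.path.join(directory, name)
    # Added hardening check (not stated on the page): keystore readable by others.
    if os.path.exists(backing) and os.stat(backing).st_mode & (stat.S_IRGRP | stat.S_IROTH):
        problems.append(f"{backing} is readable by group or other")
    return provider, backing, problems
```
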

 

Accessing the store

There are two APIs that enable writing to and reading from the store.

...