Versions Compared


  • This line was added.
  • This line was removed.
  • Formatting was changed.


We recommend that in order for CDAP to be secure, CDAP security should always be used in conjunction with secure Hadoop clusters. In cases where secure Hadoop is not or cannot be used, it is inherently insecure and any applications running on the cluster are effectively "trusted”. Although there is still value in having perimeter security, authorization enforcement, and secure storage in that situation, whenever possible a secure Hadoop cluster should be employed with CDAP security.


  • cdap-site.xml has non-sensitive information, such as the type of authentication, authorization, and secure storage mechanisms, and their configuration.

  • cdap-security.xml is used to store sensitive information such as keystore passwords and SSL certificate keys. It should be owned and readable only by the CDAP user.

These files are shown in Appendix: cdap-site.xml, cdap-default.xml, and Appendix: cdap-security.xml.