HDFS encryption at Rest
In this recipe, we will look at transparent HDFS encryption, which is encryption of data at rest. A typical use case could be a cluster shared by a financial domain and other groups within a company, where HDFS is used to store critical data.
The concept involves a Key Management Server (KMS), which provides keys, and encryption zones, which secure data using a key. To access data, we need the key, and data in an encrypted zone cannot be moved to a nonencrypted zone without the proper key.
Getting ready
To step through the recipe in this section, we need a Hadoop cluster configured with at least HDFS. The changes can be made on one node and the modified files then copied across all nodes in the cluster.
How to do it...
- Connect to the master node in the cluster; we are using the nn1.cluster1.com node.
- Switch to user hadoop or root and make all the changes, as shown in the following steps.
- Edit the file /opt/cluster/hadoop/etc/hadoop/core-site.xml and enable the KMS store by adding the following...