https://community.cloudera.com/t5/Archives-of-Support-Questions/What-is-the-best-way-to-secure-S3A-objects-on-HDP-2-5/m-p/129768#M55782 Fri, 16 Sep 2022 11:10:17 GMT Eran 2022-09-16T11:10:17Z https://community.cloudera.com/t5/Archives-of-Support-Questions/What-is-the-best-way-to-secure-S3A-objects-on-HDP-2-5/m-p/129768#M55782 Fri, 16 Sep 2022 11:10:17 GMT https://community.cloudera.com/t5/Archives-of-Support-Questions/What-is-the-best-way-to-secure-S3A-objects-on-HDP-2-5/m-p/129768#M55782 Eran 2022-09-16T11:10:17Z https://community.cloudera.com/t5/Archives-of-Support-Questions/What-is-the-best-way-to-secure-S3A-objects-on-HDP-2-5/m-p/129769#M55783 <P><A rel="user" href="https://community.cloudera.com/users/111/eorgad.html" nodeid="111">@eorgad</A></P><P>To protect the S3A access/secret keys, it is recommended that you use either: </P><OL><LI>IAM role-based authentication (such as EC2 instance profile), or </LI><LI>the Hadoop Credential Provider Framework - securely storing them and accessing them through configuration. </LI></OL><P>The Hadoop Credential Provider Framework allows secure "Credential Providers" to keep secrets outside Hadoop configuration files, storing them in encrypted files in local or Hadoop filesystems, and including them in requests. The <A href="https://github.com/apache/hadoop/blob/trunk/hadoop-tools/hadoop-aws/src/site/markdown/tools/hadoop-aws/index.md">Hadoop-AWS Module</A> documentation describes how to configure this properly.</P> Thu, 02 Mar 2017 23:39:57 GMT https://community.cloudera.com/t5/Archives-of-Support-Questions/What-is-the-best-way-to-secure-S3A-objects-on-HDP-2-5/m-p/129769#M55783 tmccuch 2017-03-02T23:39:57Z