Cloudera Community

Community Articles

Find and share helpful community-sourced technical articles.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Advanced Search

Strict Access to Encrypted Zone in Transparent Data Encryption

Labels (1)
avatar
author-rank KuldeepK author-rank
Master Guru

Created on ‎10-28-2015 05:24 AM

I had setup Transparent data encryption some time back for HDP2.2 by referring steps mentioned at http://hortonworks.com/kb/hdfs-transparent-data-encryption/

I tested my setup, everything worked perfectly except one thing, superuser was able to access the contents from encrypted zone transparently which I think should not work that way, so to restrict your encrypted zone you need to modify below property in /usr/kms-demo/hadoop/etc/hadoop/kms-acls.xml

<property>
<name>hadoop.kms.acl.DECRYPT_EEK</name>
<value>user1,user2</value>
<description> ACL for decryptEncryptedKey CryptoExtension operations.
</description>
</property>

Add list of users for whom you want to give access to your encrypted zone.

Hope this is useful 🙂

903 Views
Announcements
What's New @ Cloudera
Announcing Cloudera Streaming Analytics - Kubernetes Operato...
What's New @ Cloudera
Announcing Cloudera Streams Messaging - Kubernetes Operator ...
Community Announcements
Welcome to the Cloudera Community!
Community Announcements
September 2025 Community Highlights
What's New @ Cloudera
Upgrade Your Spark Experience: Introducing CDS 3.5 for Cloud...
View More Announcements
Version history
Last update:
‎10-28-2015 05:24 AM
Updated by:
Master Guru Master Guru
Contributors