Hi I've checked this procedure in cloudera on how to validate the encryption of my KMS and HDFS
Create a zone and link to the key.
su hdfs hdfs crypto -createZone -keyName mykey1 -path /tmp/zone1 Create a file, put it in your zone and ensure the file can be decrypted.
su echo "Hello World" > /tmp/helloWorld.txt
hadoop fs -put /tmp/helloWorld.txt /tmp/zone1
hadoop fs -cat /tmp/zone1/helloWorld.txt rm /tmp/helloWorld.txt
Just want to ask, i have an existing hdfs directory there that I want to encrypt, my questions are below:
1. Can I encrypt and existing hdfs directory using this command hdfs crypto -createZone -keyName mykey1 -path /tmp/zone1?
2. if I encrypt the hdfs directory, does the encryption implemented on its sub directories and files under it?
@Mondi I guess yes. The encryption will take place in subdirectories as well. See the blog post.
Though you can just give it a try my making any test file/dir.