Cloudera Community

Support Questions

Find answers, ask questions, and share your expertise
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Advanced Search
Solved Go to solution

HDFS KMS encryption on the existing hdfs directory

avatar
author-rank Mondi
Rising Star

Created ‎08-17-2020 02:41 AM

Hi I've checked this procedure in cloudera on how to validate the encryption of my KMS and HDFS

 

Create a zone and link to the key.

su hdfs hdfs crypto -createZone -keyName mykey1 -path /tmp/zone1 Create a file, put it in your zone and ensure the file can be decrypted.

su echo "Hello World" > /tmp/helloWorld.txt

hadoop fs -put /tmp/helloWorld.txt /tmp/zone1

hadoop fs -cat /tmp/zone1/helloWorld.txt rm /tmp/helloWorld.txt

 

Just want to ask, i have an existing hdfs directory there that I want to encrypt, my questions are below:

1. Can I encrypt and existing hdfs directory using this command hdfs crypto -createZone -keyName mykey1 -path /tmp/zone1?

2. if I encrypt the hdfs directory, does the encryption implemented on its sub directories and files under it?

 

 

2,207 Views
0 Kudos
1 ACCEPTED SOLUTION

avatar
author-rank Mike in Austin author-rank
Expert Contributor

Created ‎08-26-2020 09:26 AM

You cannot perform an in-place encryption of an existing directory.

You need to create an encryption zone and move data to the encryption zone.

Here's the docs with the procedure.

 

View solution in original post

2,162 Views
0 Kudos
2 REPLIES 2

avatar
author-rank GangWar author-rank
Master Guru

Created ‎08-22-2020 12:12 PM

@Mondi I guess yes. The encryption will take place in subdirectories as well. See the blog post.

https://blog.cloudera.com/new-in-cdh-5-3-transparent-encryption-in-hdfs/

 

Though you can just give it a try my making any test file/dir. 


Cheers!
Was your question answered? Make sure to mark the answer as the accepted solution.
If you find a reply useful, say thanks by clicking on the thumbs up button.
2,177 Views
0 Kudos

avatar
author-rank Mike in Austin author-rank
Expert Contributor

Created ‎08-26-2020 09:26 AM

You cannot perform an in-place encryption of an existing directory.

You need to create an encryption zone and move data to the encryption zone.

Here's the docs with the procedure.

 

2,163 Views
0 Kudos
Announcements
What's New @ Cloudera
Cloudera Data Engineering 1.23: Access Spark from Your Favor...
What's New @ Cloudera
HBase REST server scaling support is Generally Available
What's New @ Cloudera
New CLI option in the update-database command
What's New @ Cloudera
New Action menu item in the Cloudera Operational Database UI
What's New @ Cloudera
Get the list of supported instance types in the Cloudera Ope...
View More Announcements