Cloudera Community

Support Questions

Find answers, ask questions, and share your expertise
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Advanced Search
Solved Go to solution

Hbase Encryption of the cell content and encryption of the HFile

avatar
author-rank michelsumbul
Rising Star

Created ‎04-28-2016 02:30 PM

Hi,

I would like additional information about encryption in HBase.

HBase is working over HDFS and HDFS support encryption so when the data is store, they are encrypted, right?

I would like also the encrypt the content into a cell. So encryption into the cell + encryption of the HFile (hdfs) is those features available?

Can you point me nice documentation, examples on how to encrypt data into the cell? I would like also to change the key encryption every hours, any idea how to manage that in a "easy" way? 🙂

Thanks in advance,

Michel

5,573 Views
1 ACCEPTED SOLUTION

avatar
author-rank cstanca
Super Guru

Created ‎08-25-2016 01:30 AM

@Michel Sumbul

My understanding of your question is that aside from HFile encryption (very well covered by @mqureshi response), you are asking also about non-TDE column-level encryption. HBase does not have column-level encryption feature out of box. You could use Dataguise (http://hortonworks.com/partner/dataguise/), or go with the option to develop your UDF for encryption and decryption separately using some algorithm. The encryption key can be stored in Ranger KSM.

UDF could leverage https://hbase.apache.org/apidocs/org/apache/hadoop/hbase/io/crypto/Encryption.html

If any of the responses addressed your question, please don't forget to vote/accept answer.

View solution in original post

2,592 Views
3 REPLIES 3

avatar
author-rank sunile_manjee author-rank
Master Guru

Created ‎04-28-2016 02:34 PM

@Michel Sumbul good questions. HBase cell security documentation is available here.

2,592 Views
0 Kudos

avatar
author-rank cstanca
Super Guru

Created ‎08-25-2016 01:30 AM

@Michel Sumbul

My understanding of your question is that aside from HFile encryption (very well covered by @mqureshi response), you are asking also about non-TDE column-level encryption. HBase does not have column-level encryption feature out of box. You could use Dataguise (http://hortonworks.com/partner/dataguise/), or go with the option to develop your UDF for encryption and decryption separately using some algorithm. The encryption key can be stored in Ranger KSM.

UDF could leverage https://hbase.apache.org/apidocs/org/apache/hadoop/hbase/io/crypto/Encryption.html

If any of the responses addressed your question, please don't forget to vote/accept answer.

2,593 Views

avatar
author-rank mqureshi
Super Guru

Created ‎08-25-2016 02:10 AM

@Michel Sumbul

When you talk about encryption in HBase, you Encrypt HFile and WAL. You cannot encrypt only some columns and not others. When you encrypt the HFile, your cells are encrypted. Please check the following link on how to implement this.

https://hbase.apache.org/book.html#hbase.encryption.server

You can also create HDFS level encryption zone for /hbase directory and your data will be encrypted. Please check the following link

https://docs.hortonworks.com/HDPDocuments/HDP2/HDP-2.3.0/bk_hdfs_admin_tools/content/hbase-with-hdfs...

2,592 Views
Announcements
What's New @ Cloudera
Cloudera Data Engineering 1.23: Access Spark from Your Favor...
What's New @ Cloudera
HBase REST server scaling support is Generally Available
What's New @ Cloudera
New CLI option in the update-database command
What's New @ Cloudera
New Action menu item in the Cloudera Operational Database UI
What's New @ Cloudera
Get the list of supported instance types in the Cloudera Ope...
View More Announcements