Support Questions
Find answers, ask questions, and share your expertise

Hbase Encryption of the cell content and encryption of the HFile

Solved Go to solution

Hbase Encryption of the cell content and encryption of the HFile

Contributor

Hi,

I would like additional information about encryption in HBase.

HBase is working over HDFS and HDFS support encryption so when the data is store, they are encrypted, right?

I would like also the encrypt the content into a cell. So encryption into the cell + encryption of the HFile (hdfs) is those features available?

Can you point me nice documentation, examples on how to encrypt data into the cell? I would like also to change the key encryption every hours, any idea how to manage that in a "easy" way? :)

Thanks in advance,

Michel

1 ACCEPTED SOLUTION

Accepted Solutions

Re: Hbase Encryption of the cell content and encryption of the HFile

@Michel Sumbul

My understanding of your question is that aside from HFile encryption (very well covered by @mqureshi response), you are asking also about non-TDE column-level encryption. HBase does not have column-level encryption feature out of box. You could use Dataguise (http://hortonworks.com/partner/dataguise/), or go with the option to develop your UDF for encryption and decryption separately using some algorithm. The encryption key can be stored in Ranger KSM.

UDF could leverage https://hbase.apache.org/apidocs/org/apache/hadoop/hbase/io/crypto/Encryption.html

If any of the responses addressed your question, please don't forget to vote/accept answer.

View solution in original post

3 REPLIES 3

Re: Hbase Encryption of the cell content and encryption of the HFile

Super Guru

@Michel Sumbul good questions. HBase cell security documentation is available here.

Re: Hbase Encryption of the cell content and encryption of the HFile

@Michel Sumbul

My understanding of your question is that aside from HFile encryption (very well covered by @mqureshi response), you are asking also about non-TDE column-level encryption. HBase does not have column-level encryption feature out of box. You could use Dataguise (http://hortonworks.com/partner/dataguise/), or go with the option to develop your UDF for encryption and decryption separately using some algorithm. The encryption key can be stored in Ranger KSM.

UDF could leverage https://hbase.apache.org/apidocs/org/apache/hadoop/hbase/io/crypto/Encryption.html

If any of the responses addressed your question, please don't forget to vote/accept answer.

View solution in original post

Re: Hbase Encryption of the cell content and encryption of the HFile

Super Guru
@Michel Sumbul

When you talk about encryption in HBase, you Encrypt HFile and WAL. You cannot encrypt only some columns and not others. When you encrypt the HFile, your cells are encrypted. Please check the following link on how to implement this.

https://hbase.apache.org/book.html#hbase.encryption.server

You can also create HDFS level encryption zone for /hbase directory and your data will be encrypted. Please check the following link

https://docs.hortonworks.com/HDPDocuments/HDP2/HDP-2.3.0/bk_hdfs_admin_tools/content/hbase-with-hdfs...