Support Questions
Find answers, ask questions, and share your expertise
Announcements
Alert: Welcome to the Unified Cloudera Community. Former HCC members be sure to read and learn how to activate your account here.

Hbase Encryption

Hbase Encryption

Explorer

We have CDH 5.1 in production with hbase encryption. This implementation does not have cloudera manager.

 

We have now setup a new installation with CDH 5.5.1 with cloudera manager. This version includes Apache hbase version 1.0.

 

We are facing issues configuring hbase encryption.

 

Cloudera support says that the cloudera manager does not have the capability to enable hbase encryption. Instead they are suggesting to use hdfs encryption.

 

Apache Hbase 1.0 clearly describes procedure to perform Hbase encryption.

https://hbase.apache.org/book.html#upgrade1.0

 

Question:

Is it possible to configure Hbase Encryption in CDH 5.5.1 outside the cloudera manager?

 

Thanks!

1 REPLY 1

Re: Hbase Encryption

Master Guru
If you are new to CM, I'd recommend reading its primer to get an understanding of its configuration capabilities, among other things: http://www.cloudera.com/documentation/enterprise/latest/topics/cm_intro_primer.html

From what I can understand of your question, you wish to use HBase's inbuilt encryption feature as described at https://hbase.apache.org/book.html#_server_side_configuration_3, instead of encrypting the whole HBase via a HDFS encryption zone.

While CM does not have a direct UI in HBase -> Configuration page to do this, CM does provide you with hbase-site.xml Advanced Configuration Snippet (Safety Valve) fields for various levels (Service-wide, Clients, and role-by-role overrides). You can define any XML <property> pairs within these that the UI does not expose, and it will make it to your service or targeted role (in a similar manner to how you may have managed your hbase-site.xml on the FS previously, but now via a UI).