Cloudera Community

Support Questions

Find answers, ask questions, and share your expertise
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Advanced Search
Solved Go to solution

How do you encrypt specific data fields in HDF (specifically data in motion) ?

avatar
author-rank mpandit author-rank
Guru

Created ‎05-03-2016 02:10 PM

 
3,376 Views
1 ACCEPTED SOLUTION

avatar
author-rank bbende author-rank
Master Guru

Created ‎05-03-2016 05:11 PM

HDF (NiFi) moves data around as flow files, and each flow file is made up of metadata attributes and content, where the content is just bytes. There is no internal data format where NiFi knows about "fields", so it can't provide a generic way to encrypt fields. It provides out of the box processors called EncryptContent and DecryptContent which can encrypt and decrypt the entire content of a FlowFile.

If you have a know data format like CSV, JSON, etc, and want to encrypt individual fields with in that content, it would likely require a custom processor to interpret that format and apply the encryption. It may be possible to do this with the ExecuteScript processor, but a custom Java processor would definitely be possible.

View solution in original post

2,727 Views
5 REPLIES 5

avatar
author-rank drussell
Guru

Created ‎05-03-2016 03:03 PM

Hi @mpandit at the moment, I believe if you're just looking to encrypt some of the information, you'd need to use something like the SplitContent processor, to split out the elements you want to encrypt, and then EncryptContent to encrypt those elements separately from the rest of the data in each flowfile. This of course means you'll potentially need to re-assemble the data when it reaches its target location.

2,727 Views

avatar
author-rank TimothySpann author-rank
Master Guru

Created ‎05-03-2016 03:07 PM

Is the data encrypted when it leaves the edge device? Use SSL transport and land encrypted in HDP.

2,727 Views
0 Kudos

avatar
author-rank mpandit author-rank
Guru

Created ‎05-03-2016 03:24 PM

If data is encrypted and just a pass through then its ok but I am interested in explicit data encryption, like in HDP how do you apply the securoty policies using ranger.

2,727 Views
0 Kudos

avatar
author-rank bbende author-rank
Master Guru

Created ‎05-03-2016 05:11 PM

HDF (NiFi) moves data around as flow files, and each flow file is made up of metadata attributes and content, where the content is just bytes. There is no internal data format where NiFi knows about "fields", so it can't provide a generic way to encrypt fields. It provides out of the box processors called EncryptContent and DecryptContent which can encrypt and decrypt the entire content of a FlowFile.

If you have a know data format like CSV, JSON, etc, and want to encrypt individual fields with in that content, it would likely require a custom processor to interpret that format and apply the encryption. It may be possible to do this with the ExecuteScript processor, but a custom Java processor would definitely be possible.

2,728 Views

avatar
author-rank rbiswas1
Guru

Created ‎05-08-2016 04:23 PM

Hi,

@mpandit

You can check the following post:

https://community.hortonworks.com/questions/28500/best-practices-for-securing-data-ingestion-through...

It will provide you with more insights.

Thanks

2,727 Views
Announcements
What's New @ Cloudera
Cloudera Data Engineering 1.23: Access Spark from Your Favor...
What's New @ Cloudera
HBase REST server scaling support is Generally Available
What's New @ Cloudera
New CLI option in the update-database command
What's New @ Cloudera
New Action menu item in the Cloudera Operational Database UI
What's New @ Cloudera
Get the list of supported instance types in the Cloudera Ope...
View More Announcements