Hadoop Security Guide
Also available as:
PDF
loading table of contents...

Change the Current Master Key

To change the master key:

  • If you know the current master key or if the current master key has been persisted:

    1. Re-run the encryption setup command and follow the prompts.

      ambari-server setup-security

      1. Select Option 2: Choose one of the following options:

        • [1] Enable HTTPS for Ambari server.

        • [2] Encrypt passwords stored in ambari.properties file.

        • [3] Setup Ambari kerberos JAAS configuration.

      2. Enter the current master key when prompted if necessary (if it is not persisted or set as an environment variable).

      3. At the Do you want to reset Master Key prompt, enter yes.

      4. At the prompt, enter the new master key and confirm.

  • If you do not know the current master key:

    • Remove encryption entirely, as described here.

    • Re-run ambari-server setup-security as described here.

    • Start or restart the Ambari Server.

      ambari-server restart