Protecting the Azure Credentials for WASB within an Encrypted File
In addition to using the credential provider framework to protect your credentials, it
is also possible to configure it in an encrypted form. An additional configuration
property fs.azure.shellkeyprovider.script
specifies an external program to be
invoked by Hadoop processes to decrypt the key. The encrypted key value is passed to this
external program as a command line argument:
<property> <name>fs.azure.account.keyprovider.youraccount</name> <value>org.apache.hadoop.fs.azure.ShellDecryptionKeyProvider</value> </property> <property> <name>fs.azure.account.key.youraccount.blob.core.windows.net</name> <value>YOUR ENCRYPTED ACCESS KEY</value> </property> <property> <name>fs.azure.shellkeyprovider.script</name> <value>PATH TO DECRYPTION PROGRAM</value> </property>