Protecting the Azure Credentials for WASB within an Encrypted File
In addition to using the credential provider framework to protect your credentials, it is
also possible to configure it in an encrypted form. An additional configuration property
fs.azure.shellkeyprovider.script
specifies an external program to be invoked by
Hadoop processes to decrypt the key. The encrypted key value is passed to this external
program as a command line argument:
<property> <name>fs.azure.account.keyprovider.youraccount</name> <value>org.apache.hadoop.fs.azure.ShellDecryptionKeyProvider</value> </property> <property> <name>fs.azure.account.key.youraccount.blob.core.windows.net</name> <value>YOUR ENCRYPTED ACCESS KEY</value> </property> <property> <name>fs.azure.shellkeyprovider.script</name> <value>PATH TO DECRYPTION PROGRAM</value> </property>