Protecting the Azure Credentials for WASB with Credential Providers
To protect your credentials from unauthorized users, we recommend that you use the credential provider framework, which securely stores your credentials and allows you to securely access them.
To provision the credentials:
% hadoop credential create fs.azure.account.key.youraccount.blob.core.windows.net -value 123 -provider localjceks://file/home/lmccay/wasb.jceks
Next, configure the following configuration properties, either on the command line or in the core-site.xml configuration file:
<property>
  <name>hadoop.security.credential.provider.path</name>
  <value>localjceks://file/home/lmccay/wasb.jceks</value>
  <description>Path to interrogate for protected credentials.</description>
</property>
You may optionally add the provider path property to the distcp command line instead of adding a job-specific configuration to a generic core-site.xml. The options enclosed in square brackets illustrate this capability.
% hadoop distcp [-D hadoop.security.credential.provider.path=localjceks://file/home/lmccay/wasb.jceks] hdfs://hostname:9001/user/lmccay/007020615 wasb://yourcontainer@youraccount.blob.core.windows.net/testDir/
You may also protect the Azure credentials within an encrypted file.
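The following audit script is an added example, not part of the original documentation or of Hadoop. It checks a core-site.xml for the setup described above: no fs.azure.account.key.* value left in plain text, the provider path property set, and each localjceks keystore file present and readable only by its owner. The owner-only permission requirement, the function names and the sample data are assumptions of this example.

```python
import os
import tempfile
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

KEY_PREFIX = "fs.azure.account.key."
PROVIDER_PROP = "hadoop.security.credential.provider.path"

def audit_core_site(xml_text):
    """Return a list of findings for one core-site.xml document."""
    props = {}
    for prop in ET.fromstring(xml_text).iter("property"):
        name = (prop.findtext("name") or "").strip()
        props[name] = (prop.findtext("value") or "").strip()
    findings = []
    # A storage account key stored as a plain property defeats the keystore.
    for name in sorted(props):
        if name.startswith(KEY_PREFIX) and props[name]:
            findings.append("plaintext key in property " + name)
    # The provider path may hold several comma-separated provider URIs.
    providers = [p.strip() for p in props.get(PROVIDER_PROP, "").split(",") if p.strip()]
    if not providers:
        findings.append(PROVIDER_PROP + " is not set")
    for uri in providers:
        parsed = urlparse(uri)
        # localjceks://file/<path> names a keystore on the local filesystem.
        if parsed.scheme == "localjceks" and parsed.netloc == "file":
            findings.extend(check_keystore_file(parsed.path))
    return findings

def check_keystore_file(path):
    """Flag a missing keystore or one accessible to group or other (assumed policy)."""
    if not os.path.isfile(path):
        return ["keystore not found: " + path]
    mode = os.stat(path).st_mode & 0o777
    if mode & 0o077:
        return ["keystore %s has mode %o, expected owner-only" % (path, mode)]
    return []

def demo(mode=0o644):
    """Constructed sample: an empty stand-in keystore and a config that still holds a key."""
    with tempfile.TemporaryDirectory() as d:
        store = os.path.join(d, "wasb.jceks")
        open(store, "wb").close()
        os.chmod(store, mode)
        xml_text = ("<configuration><property><name>%syouraccount.blob.core.windows.net</name>"
                    "<value>123</value></property><property><name>%s</name>"
                    "<value>localjceks://file%s</value></property></configuration>"
                    % (KEY_PREFIX, PROVIDER_PROP, store))
        return audit_core_site(xml_text)
```

Calling demo() returns two findings for the constructed sample: the plaintext key property and the keystore file with mode 644.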