Configuring Apache HDFS Encryption
Also available as:
PDF
loading table of contents...

Configure Hive Tables for HDFS Encryption

Before enabling encryption zones, decide whether to store your Hive tables across one zone or multiple encryption zones.

For a Single Encryption Zone

  1. To configure a single encryption zone for your entire Hive warehouse:
    1. Rename /warehouse/tablespace to /warehouse/tablespace-old.
    2. Create an encryption zone at /warehouse/tablespace.
    3. distcp all of the data from /warehouse/tablespace-old to /warehouse/tablespace.
  2. To configure the Hive scratch directory (hive.exec.scratchdir) so that it resides inside the encryption zone:
    1. Set the directory to /warehouse/tablespace/tmp.
    2. Make sure that the permissions for /warehouse/tablespace/tmp are set to 1777.

For multiple Encryption Zones

To access encrypted databases and tables with different encryption keys, configure multiple encryption zones.

For example, to configure two encrypted tables, ez1.db and ez2.db, in two different encryption zones:

  1. Create two new encryption zones, /warehouse/tablespace/managed/ez1.db and /warehouse/tablespace/managed/ez2.db.
  2. Load data into Hive tables ez1.db and ez2.db as usual, using LOAD statements.