Replication of encrypted data
HDFS supports encryption of data at rest including data accessed through Hive. This
topic describes how replication works within and between encryption zones and how to configure
replication to avoid failures due to encryption.

Encrypting data in transit between clusters during replication
A source directory and destination directory may or may not be in an encryption zone. If the destination directory is in an encryption zone, the data on the destination directory is encrypted. If the destination directory is not in an encryption zone, the data on that directory is not encrypted, even if the source directory is in an encryption zone. Encryption zones are not supported in CDH versions 5.1 or lower.

Security considerations for encrypted data during replication
The user you specify with the Run As field when scheduling a replication job requires full access to both the key and the data directories being replicated. This is not a recommended best practice for KMS management.
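
A pre-flight check for the rules above, as an added example that is not part of the original documentation: given the encryption-zone listing from each cluster, it reports whether a replication job would leave data from an encrypted source unencrypted at the destination, and which keys the Run As user needs. The function names, sample paths and key names are assumptions, as is the two-column layout of the `hdfs crypto -listZones` output.

```python
from pathlib import PurePosixPath

# Constructed sample in the two-column "path  keyName" layout printed by
# `hdfs crypto -listZones` (layout assumed; paths and key names are made up).
SAMPLE_ZONES = """\
/data/secure    finance_key
/warehouse/enc  hive_key
"""

def parse_zones(text):
    """Map each encryption-zone root to its key name."""
    zones = {}
    for line in text.splitlines():
        parts = line.split()
        if len(parts) >= 2 and parts[0].startswith("/"):
            zones[PurePosixPath(parts[0])] = parts[1]
    return zones

def zone_for(path, zones):
    """Return (zone_root, key_name) for the zone containing path, or None.

    Matching is per path component, so /data/secure2 is not in /data/secure.
    """
    p = PurePosixPath(path)
    for candidate in (p, *p.parents):
        if candidate in zones:
            return str(candidate), zones[candidate]
    return None

def check_job(source, destination, src_zones, dst_zones):
    """Pre-flight summary for one replication job (hypothetical helper)."""
    src = zone_for(source, src_zones)
    dst = zone_for(destination, dst_zones)
    # Data is encrypted at the destination only if the destination is in a zone.
    finding = "PLAINTEXT_AT_DESTINATION" if src and not dst else "OK"
    return {
        "dest_encrypted": dst is not None,
        "finding": finding,
        # Keys the Run As user must be able to use for the job to succeed.
        "keys_needed": sorted({z[1] for z in (src, dst) if z}),
    }

if __name__ == "__main__":
    zones = parse_zones(SAMPLE_ZONES)
    print(check_job("/data/secure/reports", "/backup/reports", zones, zones))
```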