Handling of sensitive data in Cloudera
Cloudera uses Vault to encrypt sensitive data (such as tokens, passwords, and encryption keys).
Cloudera on premises uses the Embedded/External Vault to store user credentials and some critical system data pertaining to the Cloudera Control Plane, including the machine user password used to create the control plane, the contents of the kubeconfig file, which provides admin access to the Kubernetes Control Plane, and the LDAP credentials configured for the Cloudera Embedded Container Service Cluster.
The Cloudera on premises installer can install Vault, but OpenShift Container Platform environments typically use a pre-existing, customer-managed external Vault deployment.
- For more information on how to install an external HashiCorp Vault, see Install Vault.
Vault install notes:
- Supported Vault version: 1.4.0
- Secrets engine: kv-v2
- Auth type: kubernetes
- For more information on how to configure an external HashiCorp Vault for Cloudera on premises, see External Vault Requirements.
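A preflight check for a customer-managed external Vault against the three install notes above. This is an added example, not Cloudera's or HashiCorp's code: the function name `check_vault` and the sample JSON are constructed, and the inputs are assumed to be the parsed output of `vault status`, `vault secrets list` and `vault auth list`, each run with `-format=json`.

```python
import json

SUPPORTED_VERSION = "1.4.0"  # from the install notes


def check_vault(status, secrets, auths):
    """Return findings; an empty list means all three install notes are met."""
    findings = []
    # Drop build metadata such as "+ent" before comparing.
    version = str(status.get("version", "")).split("+")[0]
    if version != SUPPORTED_VERSION:
        findings.append(f"version {version or 'unknown'}, expected {SUPPORTED_VERSION}")
    # A kv mount is v2 only when its options carry version "2";
    # v1 mounts report options null or version "1".
    if not any(m.get("type") == "kv" and (m.get("options") or {}).get("version") == "2"
               for m in secrets.values()):
        findings.append("no kv-v2 secrets engine mounted")
    # Match on the method type, since the mount path can be customised.
    if not any(m.get("type") == "kubernetes" for m in auths.values()):
        findings.append("kubernetes auth method not enabled")
    return findings


# Constructed sample output (not captured from a real deployment).
GOOD_STATUS = json.loads('{"sealed": false, "version": "1.4.0"}')
GOOD_SECRETS = json.loads('{"secret/": {"type": "kv", "options": {"version": "2"}},'
                          ' "sys/": {"type": "system", "options": null}}')
GOOD_AUTHS = json.loads('{"token/": {"type": "token"},'
                        ' "kubernetes/": {"type": "kubernetes"}}')

BAD_STATUS = json.loads('{"sealed": false, "version": "1.3.2"}')
BAD_SECRETS = json.loads('{"secret/": {"type": "kv", "options": {"version": "1"}}}')
BAD_AUTHS = json.loads('{"token/": {"type": "token"}}')

if __name__ == "__main__":
    for name, args in (("good", (GOOD_STATUS, GOOD_SECRETS, GOOD_AUTHS)),
                       ("bad", (BAD_STATUS, BAD_SECRETS, BAD_AUTHS))):
        print(name, check_vault(*args) or "OK")
```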