Here are some limitations related to data encryption and authorization in Kudu.
Data encryption at rest is not directly built into Kudu. Encryption of Kudu data at rest can be achieved through the use of local block device encryption software such as
Row-level authorization is not available.
Kudu does not support configuring a custom service principal for Kudu processes. The principal must follow the pattern
- Server certificates generated by Kudu IPKI are incompatible with bouncycastle version 1.52 and earlier.
- The highest supported version of the TLS protocol is TLSv1.2