Google Git
Sign in
apache / kudu / b6aaf2b71da05c5427e1bee0dccc0e66101c684d
commitb6aaf2b71da05c5427e1bee0dccc0e66101c684d[log] [tgz]
authorAttila Bukor <abukor@apache.org>Thu May 12 01:20:38 2022 +0200
committerAttila Bukor <abukor@apache.org>Thu May 26 15:03:59 2022 +0000
treed9b9cd99b363c58aa245abe0e1d1288552468873
parentb60b724ce033a8956508701a7d58b94a60184313 [diff]
KUDU-3368 Encrypt file keys with server keys

This patch removes the dummy encryption key used to encrypt all file
keys and introduces the server key, which is used instead on a
per-server basis. The server key is stored in the instance files,
currently in cleartext. Encrypting the server key will be done in a
follow-up patch.

Servers in internal mini-cluster are forced to use the same server key
as they share an environment, but servers in external mini-cluster can
use different keys. Multiple (non-default) PosixEnv instances can now be
created to make this possible.

Change-Id: I1884f62fde3bb110291b1d01c5e68942c6071318
Reviewed-on: http://gerrit.cloudera.org:8080/18192
Tested-by: Kudu Jenkins
Reviewed-by: Alexey Serbin <alexey@apache.org>
Reviewed-by: Zoltan Chovan <zchovan@cloudera.com>
35 files changed
tree: d9b9cd99b363c58aa245abe0e1d1288552468873
  1. build-support/
  2. cmake_modules/
  3. docker/
  4. docs/
  5. examples/
  6. java/
  7. kubernetes/
  8. python/
  9. src/
  10. thirdparty/
  11. www/
  12. .dockerignore
  13. .gitignore
  14. .ycm_extra_conf.py
  15. CMakeLists.txt
  16. CONTRIBUTING.adoc
  17. LICENSE.txt
  18. NOTICE.txt
  19. README.adoc
  20. RELEASING.adoc
  21. version.txt