Reputation: 6080
How to secure blob storage access key in Azure Key Vault
We would like to protect the Azure Blob Storage access key in key vault. Which version of https://mvnrepository.com/artifact/org.apache.hadoop/hadoop-azure has support for such a capability, since the current support is not that secure.
http://hadoop.apache.org/docs/stable/hadoop-azure/index.html
Usage of Azure Blob Storage requires configuration of credentials. Typically this is set in core-site.xml. The configuration property name is of the form fs.azure.account.key..blob.core.windows.net and the value is the access key. The access key is a secret that protects access to your storage account. Do not share the access key (or the core-site.xml file) with an untrusted party.
<property>
<name>fs.azure.account.key.youraccount.blob.core.windows.net</name>
<value>YOUR ACCESS KEY</value>
</property>
Upvotes: 2
Views: 768
Answers (1)
Reputation: 41
There is no support for this to my knowledge. But you can implement this in the given decrypt script in core-site.xml by connecting to KeyVault for decryption/or retrieval of the key.
<property>
<name>fs.azure.shellkeyprovider.script</name>
<value>/usr/lib/hdinsight-common/scripts/KeyVaultdecrypt.sh</value>
</property>
Upvotes: 3
Related Questions
- Decrypt a blob from Azure blob storage with key vault using version 12.x Azure storage libraries
- Encrypt azure blob using Key in Azure-key-vault in Python
- How do you decrypt blobs with Azure KeyVault keys in Azure.Storage v12
- Using Key Vault Secret with Binder in Azure Function on Blob connection
- Azure Storage Account with Key Vault to manage its keys
- Secure access to Microsoft Azure Blob Storage
- In motion encryption of Azure Blobs
- Azure Storage Container based shared key
- How to provide security for blob storage in Windows Azure
- How to secure azure blobs