Package org.apache.hadoop.hbase.keymeta
Interface KeymetaAdmin
- All Known Implementing Classes:
org.apache.hadoop.hbase.keymeta.KeymetaAdminClient, org.apache.hadoop.hbase.keymeta.KeymetaAdminImpl
KeymetaAdmin is an interface for administrative functions related to managed keys. It handles the
following methods:
-
Method Summary
| Modifier and Type | Method | Description |
| --- | --- | --- |
| void | clearManagedKeyDataCache() | Clear all entries in the managed key data cache on all live region servers. |
| ManagedKeyData | disableKeyManagement(byte[] keyCust, String keyNamespace) | Disables key management for the specified custodian and namespace. |
| ManagedKeyData | disableManagedKey(byte[] keyCust, String keyNamespace, byte[] keyMetadataHash) | Disables the specific managed key identified by the specified custodian, namespace, and metadata hash. |
| void | ejectManagedKeyDataCacheEntry(byte[] keyCustodian, String keyNamespace, String keyMetadata) | Eject a specific managed key entry from the managed key data cache on all live region servers. |
| ManagedKeyData | enableKeyManagement(byte[] keyCust, String keyNamespace) | Enables key management for the specified custodian and namespace. |
| List<ManagedKeyData> | getManagedKeys(byte[] keyCust, String keyNamespace) | Get the status of all the keys for the specified custodian. |
| void | refreshManagedKeys(byte[] keyCust, String keyNamespace) | Refresh all the keymeta entries for the specified custodian and namespace. |
| ManagedKeyData | rotateManagedKey(byte[] keyCust, String keyNamespace) | Attempt a key rotation for the active key of the specified custodian and namespace. |
| boolean | rotateSTK() | Triggers rotation of the System Key (STK) by checking for a new key and propagating it to all region servers. |
-
Method Details
-
enableKeyManagement
ManagedKeyData enableKeyManagement(byte[] keyCust, String keyNamespace) throws IOException, KeyException
Enables key management for the specified custodian and namespace.
- Parameters:
keyCust - The key custodian identifier.
keyNamespace - The namespace for the key management.
- Returns:
The list of ManagedKeyData objects each identifying the key and its current status.
- Throws:
IOException - if an error occurs while enabling key management.
KeyException
-
getManagedKeys
List<ManagedKeyData> getManagedKeys(byte[] keyCust, String keyNamespace) throws IOException, KeyException
Get the status of all the keys for the specified custodian.
- Parameters:
keyCust - The key custodian identifier.
keyNamespace - The namespace for the key management.
- Returns:
The list of ManagedKeyData objects each identifying the key and its current status.
- Throws:
IOException - if an error occurs while enabling key management.
KeyException
-
rotateSTK
Triggers rotation of the System Key (STK) by checking for a new key and propagating it to all region servers.
- Returns:
true if a new STK was found and rotated, false if no change was detected
- Throws:
IOException - if an error occurs while rotating the STK
-
ejectManagedKeyDataCacheEntry
void ejectManagedKeyDataCacheEntry(byte[] keyCustodian, String keyNamespace, String keyMetadata) throws IOException
Eject a specific managed key entry from the managed key data cache on all live region servers.
- Parameters:
keyCustodian - the key custodian
keyNamespace - the key namespace
keyMetadata - the key metadata
- Throws:
IOException - if an error occurs while ejecting the key
-
clearManagedKeyDataCache
Clear all entries in the managed key data cache on all live region servers.
- Throws:
IOException - if an error occurs while clearing the cache
-
disableKeyManagement
ManagedKeyData disableKeyManagement(byte[] keyCust, String keyNamespace) throws IOException, KeyException
Disables key management for the specified custodian and namespace. This marks any ACTIVE keys as INACTIVE and adds a DISABLED state marker such that no new ACTIVE key is retrieved, so the new data written will not be encrypted.
- Parameters:
keyCust - The key custodian identifier.
keyNamespace - The namespace for the key management.
- Returns:
The ManagedKeyData object identifying the previously active key and its current state.
- Throws:
IOException - if an error occurs while disabling key management.
KeyException - if an error occurs while disabling key management.
-
disableManagedKey
ManagedKeyData disableManagedKey(byte[] keyCust, String keyNamespace, byte[] keyMetadataHash) throws IOException, KeyException
Disables the specific managed key identified by the specified custodian, namespace, and metadata hash.
- Parameters:
keyCust - The key custodian identifier.
keyNamespace - The namespace for the key management.
keyMetadataHash - The key metadata hash.
- Returns:
A ManagedKeyData object identifying the key and its current status.
- Throws:
IOException - if an error occurs while disabling the managed key.
KeyException - if an error occurs while disabling the managed key.
-
rotateManagedKey
ManagedKeyData rotateManagedKey(byte[] keyCust, String keyNamespace) throws IOException, KeyException
Attempt a key rotation for the active key of the specified custodian and namespace.
- Parameters:
keyCust - The key custodian identifier.
keyNamespace - The namespace for the key management.
- Returns:
A ManagedKeyData object identifying the key and its current status.
- Throws:
IOException - if an error occurs while rotating the managed key.
KeyException - if an error occurs while rotating the managed key.
-
refreshManagedKeys
Refresh all the keymeta entries for the specified custodian and namespace.
- Parameters:
keyCust - The key custodian identifier.
keyNamespace - The namespace for the key management.
- Throws:
IOException - if an error occurs while refreshing managed keys.
KeyException - if an error occurs while refreshing managed keys.
-