Class KeyStoreKeyProvider

java.lang.Object
org.apache.hadoop.hbase.io.crypto.KeyStoreKeyProvider
All Implemented Interfaces:
KeyProvider

@Public public class KeyStoreKeyProvider extends Object implements KeyProvider
A basic KeyProvider that can resolve keys from a protected KeyStore file on the local filesystem. It is configured with a URI passed in as a String to init(). The URI should have the form:

     scheme://path?option1=value1&option2=value2
 

scheme can be either "jks" or "jceks", specifying the file-based providers shipped with every JRE. The latter is the certificate store for the SunJCE cryptography extension, or PKCS #12, and is capable of storing SecretKeys.

path is the location of the keystore in the filesystem namespace.

Options can be specified as query parameters.

If the store was created with a password, the password can be specified using the option 'password'.

For example:

     jceks:///var/tmp/example.ks?password=foobar
 

It is assumed that all keys in the store are protected with the same password.

Alternatively, a properties file can be specified containing passwords for keys in the keystore.

     jceks:///var/tmp/example.ks?passwordFile=/var/tmp/example.pw
 

Subclasses for supporting KeyStores that are not file-based can extend the protected methods of this class to specify the appropriate LoadStoreParameters.
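The passwordFile form described above keeps the password out of the URI string. The following is an added example, not code from the HBase project: it builds a JCEKS store holding one AES key, writes the properties file, and resolves the key through init() and getKey(). The alias, password, file names and the alias-keyed layout of the properties file are assumptions of this example, and the owner-only directory requires a POSIX filesystem.

```java
import java.io.OutputStream;
import java.io.Writer;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.attribute.PosixFilePermissions;
import java.security.Key;
import java.security.KeyStore;
import java.util.Arrays;
import java.util.Properties;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import org.apache.hadoop.hbase.io.crypto.KeyStoreKeyProvider;

public class KeyStoreKeyProviderExample {
  public static void main(String[] args) throws Exception {
    String alias = "example-key";                 // constructed alias (assumption)
    char[] pw = "example-only-pw".toCharArray();  // constructed sample password
    // Owner-only directory, so other local users cannot reach the files inside it.
    Path dir = Files.createTempDirectory("ks-example",
        PosixFilePermissions.asFileAttribute(PosixFilePermissions.fromString("rwx------")));
    Path storePath = dir.resolve("example.ks");
    Path pwPath = dir.resolve("example.pw");

    // JCEKS rather than JKS, because the store has to hold a SecretKey entry.
    KeyGenerator gen = KeyGenerator.getInstance("AES");
    gen.init(128);
    SecretKey aes = gen.generateKey();
    KeyStore store = KeyStore.getInstance("JCEKS");
    store.load(null, pw);
    store.setEntry(alias, new KeyStore.SecretKeyEntry(aes), new KeyStore.PasswordProtection(pw));
    try (OutputStream out = Files.newOutputStream(storePath)) {
      store.store(out, pw);
    }

    // Properties file with one line per key: alias=password.
    Properties passwords = new Properties();
    passwords.setProperty(alias, new String(pw));
    try (Writer w = Files.newBufferedWriter(pwPath)) {
      passwords.store(w, null);
    }

    // The URI carries only the two absolute paths; no password appears in it.
    String uri = "jceks://" + storePath + "?passwordFile=" + pwPath;
    KeyStoreKeyProvider provider = new KeyStoreKeyProvider();
    provider.init(uri);
    Key resolved = provider.getKey(alias);
    System.out.println(resolved.getAlgorithm() + " key resolved, matches stored key: "
        + Arrays.equals(resolved.getEncoded(), aes.getEncoded()));
  }
}
```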