HADOOP-14095. Document caveats about the default JavaKeyStoreProvider in KMS.

2017-09-29 19:17:32 -07:00 · 2017-09-29 19:17:32 -07:00 · 06df6ab254
parent 66c417167a
commit 06df6ab254
1 changed files with 3 additions and 1 deletions
--- a/hadoop-common-project/hadoop-kms/src/site/markdown/index.md.vm
+++ b/hadoop-common-project/hadoop-kms/src/site/markdown/index.md.vm
@ -80,6 +80,8 @@ The password file is looked up in the Hadoop's configuration directory via the c

 NOTE: You need to restart the KMS for the configuration changes to take effect.

+NOTE: The KMS server can choose any `KeyProvider` implementation as the backing provider. The example here uses a JavaKeyStoreProvider, which should only be used for experimental purposes and never be used in production. For detailed usage and caveats of JavaKeyStoreProvider, please see [Keystore Passwords section of the Credential Provider API](../hadoop-project-dist/hadoop-common/CredentialProviderAPI.html#Keystore_Passwords).
+
 $H3 KMS HTTP Configuration

 KMS pre-configures the HTTP port to 9600.
@ -1184,4 +1186,4 @@ and `/stacks`, configure the following properties in `kms-site.xml`:
      to all users and groups, e.g. '*', '* ' and ' *' are all valid.
    </description>
  </property>
-```
+```