HADOOP-14095. Document caveats about the default JavaKeyStoreProvider in KMS.

(cherry picked from commit d7ecac379a02876919d3e6081d42f0937f54e664) Conflicts: hadoop-common-project/hadoop-kms/src/site/markdown/index.md.vm
2017-09-29 19:17:32 -07:00 · 2017-09-29 19:17:32 -07:00 · 78d6dd414a
parent e84d508c1b
commit 78d6dd414a
1 changed files with 2 additions and 0 deletions
--- a/hadoop-common-project/hadoop-kms/src/site/markdown/index.md.vm
+++ b/hadoop-common-project/hadoop-kms/src/site/markdown/index.md.vm
@ -71,6 +71,8 @@ The password file is looked up in the Hadoop's configuration directory via the c

 NOTE: You need to restart the KMS for the configuration changes to take effect.

+NOTE: The KMS server can choose any `KeyProvider` implementation as the backing provider. The example here uses a JavaKeyStoreProvider, which should only be used for experimental purposes and never be used in production. For detailed usage and caveats of JavaKeyStoreProvider, please see [Keystore Passwords section of the Credential Provider API](../hadoop-project-dist/hadoop-common/CredentialProviderAPI.html#Keystore_Passwords).
+
 $H3 KMS Cache

 KMS has two kinds of caching: a CachingKeyProvider for caching the encryption keys, and a KeyProvider for caching the EEKs.