Hive Custom Encryption Mode

What does user-defined function mean in Hive?

With User Defined Functions (UDFs), you can create custom functions to process records or groups of records. Hive comes with a comprehensive library of functions. However, omissions exist, and there are specific cases for which UDFs are the solution.

What is the encryption function of Hive?

Hive provides UDFs, such as aes_encrypt, that can encrypt a column's data. With this approach, you must manage the encryption key and supply it as an argument to the UDF. To keep the key secure, Oracle requires that encryption keys aren't shared with users. Oracle handles key management, so you don't need to provide keys.

What is the default encryption mode in Big Data Service?

Hive encryption mode is configurable in Big Data Service. Use CCM (Counter with CBC-MAC) mode or, if performance is a concern, GCM (Galois/Counter Mode), where these modes are available.

How to update the encryption mode in Big Data Service?

Update the configs in hive-site.xml. The default values are:

| Default Hive Config for CRYPTO_ENCRYPTION_VALUE | Default Encryption Value | Other Values Supported |
|---|---|---|
| hive.conf.crypto.encryption.value | AES/GCM/PKCS5Padding | AES |

To change the value, add the hive.conf.crypto.encryption.value config to the Ambari custom-hive-site.xml property with the corresponding value.

  1. Access Apache Ambari.
  2. From the side toolbar, under Services, click Hive.
  3. Click Configs.
  4. Under Custom hive-site, select hive-site.xml, and then enter the hive.conf.crypto.encryption.value value.

You can also update the configs by running the command set hive.conf.crypto.encryption.value=AES.

What are TLS/SSL protocols?

Transport Layer Security (TLS) and Secure Sockets Layer (SSL) provide a secure communication channel between a client and a server. At the core, TLS and SSL are cryptographic protocols that use a handshake mechanism to negotiate various parameters to create a secure connection between the client and the server.

How to update the TLS version in Big Data Service?

To update the TLS version in Big Data Service, see the following:

| Default config for SSL_CONTEXT_TLS_VERSION | Default Value |
|---|---|
| hive.conf.ssl.context.tls.version | TLSv1.2 |

To change the value, add the hive.conf.ssl.context.tls.version config to the Ambari custom-hive-site.xml property with the corresponding value.

  1. Access Apache Ambari.
  2. From the side toolbar, under Services, click Hive.
  3. Click Configs.
  4. Under Custom hive-site, select hive-site.xml, and then enter the hive.conf.ssl.context.tls.version value.
  5. Restart Hive.
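
A check that can follow either procedure above, as an added example (not Oracle's code and not part of the original page): it reads a hive-site.xml in the standard Hadoop property format and reports whether the two settings discussed here name GCM or CCM mode and a TLS version of at least TLSv1.2. The function names, the sample file content, and the assumption that the TLS property takes Java-style protocol names such as TLSv1.1 are assumptions of this example.

```python
import xml.etree.ElementTree as ET

# Property names and defaults as given on this page.
DEFAULTS = {
    "hive.conf.crypto.encryption.value": "AES/GCM/PKCS5Padding",
    "hive.conf.ssl.context.tls.version": "TLSv1.2",
}
AEAD_MODES = {"GCM", "CCM"}  # the modes this page recommends
# Assumption: the TLS property uses Java-style protocol names, oldest first.
TLS_ORDER = ["SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2", "TLSv1.3"]

# Constructed sample of a custom hive-site.xml (not taken from a real cluster).
SAMPLE = """<configuration>
  <property><name>hive.conf.crypto.encryption.value</name><value>AES</value></property>
  <property><name>hive.conf.ssl.context.tls.version</name><value>TLSv1.1</value></property>
</configuration>"""


def effective_settings(xml_text):
    """Return the two settings, falling back to the page's defaults."""
    found = {}
    for prop in ET.fromstring(xml_text).iter("property"):
        name = (prop.findtext("name") or "").strip()
        if name in DEFAULTS:
            found[name] = (prop.findtext("value") or "").strip()
    return {key: found.get(key) or DEFAULTS[key] for key in DEFAULTS}


def audit(xml_text):
    """Return a list of findings; an empty list means nothing was flagged."""
    cfg = effective_settings(xml_text)
    findings = []
    cipher = cfg["hive.conf.crypto.encryption.value"]
    parts = cipher.upper().split("/")
    if parts[0] != "AES":
        findings.append(f"cipher '{cipher}' is not AES")
    elif len(parts) < 2 or parts[1] not in AEAD_MODES:
        findings.append(f"cipher '{cipher}' does not name GCM or CCM mode")
    tls = cfg["hive.conf.ssl.context.tls.version"]
    if tls not in TLS_ORDER:
        findings.append(f"TLS version '{tls}' is not recognised")
    elif TLS_ORDER.index(tls) < TLS_ORDER.index("TLSv1.2"):
        findings.append(f"TLS version '{tls}' is older than TLSv1.2")
    return findings


if __name__ == "__main__":
    for line in audit(SAMPLE) or ["no findings"]:
        print(line)
```

A file that sets neither property is evaluated against the defaults listed on this page and produces no findings.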