question

vijaysinghparmar-4999 avatar image
0 Votes"
vijaysinghparmar-4999 asked PRADEEPCHEEKATLA-MSFT commented

How to use GnuPG in HDInsight for encryption and decryption?

Hi,

I am working with the HDInsight Spark cluster on Azure. Trying to encrypt files with pgp encryption using our private key. Is there a way that this can achieve rather than using the inbuilt encryption mechanism?


  1. How to set the home for GnuPG when a cluster gets created?

  2. How to locate the private key dynamically and copy it to the home folder of GnuPG which can be used for the encryption?


Thanks,
Vijay

azure-hdinsightazure-disk-encryption
· 1
5 |1600 characters needed characters left characters exceeded
Toggle Comment visibility. Current Visibility: Visible to all users

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

PRADEEPCHEEKATLA-MSFT avatar image PRADEEPCHEEKATLA-MSFT ·

Hello @vijaysinghparmar-4999,

Following up to see if the below suggestion was helpful. And, if you have any further query do let us know.

  • Please don't forget to click on 130616-image.png or upvote 130671-image.png button whenever the information provided helps you.

0 Votes 0 ·

1 Answer

PRADEEPCHEEKATLA-MSFT avatar image
1 Vote"
PRADEEPCHEEKATLA-MSFT answered PRADEEPCHEEKATLA-MSFT commented

Hello @vijaysinghparmar-4999,

Welcome to the MS Q&A platform.

Unfortunately there is no out of box feature (GnuPG) encryption/decryption for Azure HDInsights.

HDInsight supports multiple types of encryption in two different layers:

  • Server Side Encryption (SSE) - SSE is performed by the storage service. In HDInsight, SSE is used to encrypt OS disks and data disks. It is enabled by default. SSE is a layer 1 encryption service.

  • Encryption at host using platform-managed key - Similar to SSE, this type of encryption is performed by the storage service. However, it is only for temporary disks and is not enabled by default. Encryption at host is also a layer 1 encryption service.

  • Encryption at rest using customer managed key - This type of encryption can be used on data and temporary disks. It is not enabled by default and requires the customer to provide their own key through Azure key vault. Encryption at rest is a layer 2 encryption service.

For more details, refer to Azure HDInsight double encryption for data at rest.

Hope this will help. Please let us know if any further queries.

  • Please don't forget to click on 130616-image.png or upvote 130671-image.png button whenever the information provided helps you. Original posters help the community find answers faster by identifying the correct answer. Here is how

  • Want a reminder to come back and check responses? Here is how to subscribe to a notification

  • If you are interested in joining the VM program and help shape the future of Q&A: Here is how you can be part of Q&A Volunteer Moderators

· 1
5 |1600 characters needed characters left characters exceeded
Toggle Comment visibility. Current Visibility: Visible to all users

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

PRADEEPCHEEKATLA-MSFT avatar image PRADEEPCHEEKATLA-MSFT ·

Hello @vijaysinghparmar-4999,

Just checking in to see if the above answer helped. If this answers your query, do click Accept Answer and Up-Vote for the same. And, if you have any further query do let us know.

0 Votes 0 ·