How to use GnuPG in HDInsight for encryption and decryption?

vijay singh parmar 26 Reputation points
2022-04-17T03:02:56.34+00:00

Hi,

I am working with the HDInsight Spark cluster on Azure. Trying to encrypt files with pgp encryption using our private key. Is there a way that this can achieve rather than using the inbuilt encryption mechanism?

  1. How to set the home for GnuPG when a cluster gets created?
  2. How to locate the private key dynamically and copy it to the home folder of GnuPG which can be used for the encryption?

Thanks,
Vijay

Azure Disk Encryption
Azure Disk Encryption
An Azure service for virtual machines (VMs) that helps address organizational security and compliance requirements by encrypting the VM boot and data disks with keys and policies that are controlled in Azure Key Vault.
163 questions
Azure HDInsight
Azure HDInsight
An Azure managed cluster service for open-source analytics.
201 questions
{count} votes

Accepted answer
  1. PRADEEPCHEEKATLA-MSFT 82,196 Reputation points Microsoft Employee
    2022-04-18T08:41:53.89+00:00

    Hello @vijay singh parmar ,

    Welcome to the MS Q&A platform.

    Unfortunately there is no out of box feature (GnuPG) encryption/decryption for Azure HDInsights.

    HDInsight supports multiple types of encryption in two different layers:

    • Server Side Encryption (SSE) - SSE is performed by the storage service. In HDInsight, SSE is used to encrypt OS disks and data disks. It is enabled by default. SSE is a layer 1 encryption service.
    • Encryption at host using platform-managed key - Similar to SSE, this type of encryption is performed by the storage service. However, it is only for temporary disks and is not enabled by default. Encryption at host is also a layer 1 encryption service.
    • Encryption at rest using customer managed key - This type of encryption can be used on data and temporary disks. It is not enabled by default and requires the customer to provide their own key through Azure key vault. Encryption at rest is a layer 2 encryption service.

    For more details, refer to Azure HDInsight double encryption for data at rest.

    Hope this will help. Please let us know if any further queries.

    ------------------------------

    • Please don't forget to click on 130616-image.png or upvote 130671-image.png button whenever the information provided helps you. Original posters help the community find answers faster by identifying the correct answer. Here is how
    • Want a reminder to come back and check responses? Here is how to subscribe to a notification
    • If you are interested in joining the VM program and help shape the future of Q&A: Here is how you can be part of Q&A Volunteer Moderators
    1 person found this answer helpful.

0 additional answers

Sort by: Most helpful