SmartData 3.4.0 and later support JindoFS OSS credential providers. You can use a JindoFS OSS credential provider to save an encrypted AccessKey pair into a file. This prevents the AccessKey pair from being leaked.

Configure a JindoFS OSS credential provider

  1. Go to the SmartData service page.
    1. Log on to the Alibaba Cloud EMR console.
    2. In the top navigation bar, select the region where your cluster resides and select a resource group based on your business requirements.
    3. Click the Cluster Management tab.
    4. On the Cluster Management page, find your cluster and click Details in the Actions column.
    5. In the left-side navigation pane, choose Cluster Service > SmartData.
  2. Go to the smartdata-site tab.
    1. Click the Configure tab.
    2. In the Service Configuration section, click the smartdata-site tab.
  3. On the smartdata-site tab, add or modify configurations based on the configuration method.
    Configuration method Description
    Global configuration (for all buckets) In the Configuration Filter section, search for the fs.jfs.cache.oss.credentials.provider parameter and append the required implementation class of AliyunCredentialsProvider to the end of the parameter value. If you want to add multiple classes, separate them with commas (,). The system reads credential values in sequence until a valid credential value is found. For more information about the configuration of this parameter, see Global configuration.

    Example: com.aliyun.emr.fs.auth.TemporaryAliyunCredentialsProvider,com.aliyun.emr.fs.auth.SimpleAliyunCredentialsProvider,com.aliyun.emr.fs.auth.EnvironmentVariableCredentialsProvider.

    Bucket-level configuration Perform the following steps to add configurations:
    1. In the upper-right corner of the smartdata-site tab, click Custom Configuration.
    2. In the Add Configuration Item dialog box, set Key to fs.jfs.cache.oss.bucket.XXX.credentials.provider and Value to the required implementation class of com.aliyun.emr.fs.auth.AliyunCredentialsProvider. If you want to add multiple classes, separate them with commas (,). The system reads credential values in sequence until a valid credential value is found. For more information about the configuration of this parameter, see Bucket-level configuration.

      Example: com.aliyun.emr.fs.auth.TemporaryAliyunCredentialsProvider,com.aliyun.emr.fs.auth.SimpleAliyunCredentialsProvider,com.aliyun.emr.fs.auth.EnvironmentVariableCredentialsProvider.

      Note XXX indicates the name of an OSS bucket.
    3. Click OK.
  4. Save the configurations.
    1. In the upper-right corner of the Service Configuration section, click Save.
    2. In the Confirm Changes dialog box, specify Description and turn on Auto-update Configuration.
    3. Click OK.

Global configuration

You can configure different credential providers based on your business requirements. The following table describes the supported credential providers.

Type Description
TemporaryAliyunCredentialsProvider This credential provider is suitable for scenarios in which an AccessKey pair with a validity period and a security token with a validity period are used to access OSS.
To use this credential provider, you must append com.aliyun.emr.fs.auth.TemporaryAliyunCredentialsProvider to the value of the fs.jfs.cache.oss.credentials.provider parameter and add the following configuration items:
  • fs.jfs.cache.oss.accessKeyId: the AccessKey ID that is used to access your OSS bucket.
  • fs.jfs.cache.oss.accessKeySecret: the AccessKey secret that is used to access your OSS bucket.
  • fs.jfs.cache.oss.securityToken: the temporary security token that is used to access your OSS bucket.
SimpleAliyunCredentialsProvider This credential provider is suitable for scenarios in which an AccessKey pair with a long validity period is used to access OSS.
To use this credential provider, you must append com.aliyun.emr.fs.auth.SimpleAliyunCredentialsProvider to the value of the fs.jfs.cache.oss.credentials.provider parameter and add the following configuration items:
  • fs.jfs.cache.oss.accessKeyId: the AccessKey ID that is used to access your OSS bucket.
  • fs.jfs.cache.oss.accessKeySecret: the AccessKey secret that is used to access your OSS bucket.
EnvironmentVariableCredentialsProvider To use this credential provider, you must configure the required parameters in the environment variable file.
In the environment variable file, you must set the fs.jfs.cache.oss.credentials.provider parameter to com.aliyun.emr.fs.auth.EnvironmentVariableCredentialsProvider and add the following configuration items:
  • ALIYUN_ACCESS_KEY_ID: the AccessKey ID that is used to access your OSS bucket.
  • ALIYUN_ACCESS_KEY_SECRET: the AccessKey secret that is used to access your OSS bucket.
  • ALIYUN_SECURITY_TOKEN: the temporary security token that is used to access your OSS bucket.
    Note This parameter is required only if you configure a token that has a validity period.
JindoCommonCredentialsProvider This is a common credential provider. After you configure the required parameters, you can use this credential provider in JindoOSS and JindoFS.
To use this credential provider, you must append com.aliyun.emr.fs.auth.JindoCommonCredentialsProvider to the value of the fs.jfs.cache.oss.credentials.provider parameter and add the following configuration items:
  • jindo.common.accessKeyId: the AccessKey ID that is used to access your OSS bucket.
  • jindo.common.accessKeySecret: the AccessKey secret that is used to access your OSS bucket.
  • jindo.common.securityToken: the temporary security token that is used to access your OSS bucket.
EcsStsCredentialsProvider This credential provider does not require an AccessKey pair. You can access OSS in password-free mode.

To use this credential provider, you must append com.aliyun.emr.fs.auth.EcsStsCredentialsProvider to the value of the fs.jfs.cache.oss.credentials.provider parameter.

Bucket-level configuration

You can configure different credential providers based on your business requirements. The following table describes the supported credential providers.

Type Description
TemporaryAliyunCredentialsProvider This credential provider is suitable for scenarios in which an AccessKey pair with a validity period and a security token with a validity period are used to access OSS.
To use this credential provider, you must set the fs.jfs.cache.oss.bucket.XXX.credentials.provider parameter to com.aliyun.emr.fs.auth.TemporaryAliyunCredentialsProvider and add the following configuration items:
  • fs.jfs.cache.oss.bucket.XXX.accessKeyId: the AccessKey ID that is used to access your OSS bucket.
  • fs.jfs.cache.oss.bucket.XXX.accessKeySecret: the AccessKey secret that is used to access your OSS bucket.
  • fs.jfs.cache.oss.bucket.XXX.securityToken: the temporary security token that is used to access your OSS bucket.
SimpleAliyunCredentialsProvider This credential provider is suitable for scenarios in which an AccessKey pair with a long validity period is used to access OSS.
To use this credential provider, you must set the fs.jfs.cache.oss.bucket.XXX.credentials.provider parameter to com.aliyun.emr.fs.auth.SimpleAliyunCredentialsProvider and add the following configuration items:
  • fs.jfs.cache.oss.bucket.XXX.accessKeyId: the AccessKey ID that is used to access your OSS bucket.
  • fs.jfs.cache.oss.bucket.XXX.accessKeySecret: the AccessKey secret that is used to access your OSS bucket.
EnvironmentVariableCredentialsProvider To use this credential provider, you must configure the required parameters in the environment variable file.
In the environment variable file, you must set the fs.jfs.cache.oss.bucket.XXX.credentials.provider parameter to com.aliyun.emr.fs.auth.EnvironmentVariableCredentialsProvider and add the following configuration items:
  • ALIYUN_ACCESS_KEY_ID: the AccessKey ID that is used to access your OSS bucket.
  • ALIYUN_ACCESS_KEY_SECRET: the AccessKey secret that is used to access your OSS bucket.
  • ALIYUN_SECURITY_TOKEN: the temporary security token that is used to access your OSS bucket.
    Note This parameter is required only if you configure a token that has a validity period.
JindoCommonCredentialsProvider This is a common credential provider. After you configure the required parameters, you can use this credential provider in JindoOSS and JindoFS.
To use this credential provider, you must set the fs.jfs.cache.oss.credentials.provider parameter to com.aliyun.emr.fs.auth.JindoCommonCredentialsProvider and add the following configuration items:
  • jindo.common.accessKeyId: the AccessKey ID that is used to access your OSS bucket.
  • jindo.common.accessKeySecret: the AccessKey secret that is used to access your OSS bucket.
  • jindo.common.securityToken: the temporary security token that is used to access your OSS bucket.
EcsStsCredentialsProvider This credential provider does not require an AccessKey pair. You can access OSS in password-free mode.

To use this credential provider, you must set the fs.jfs.cache.oss.bucket.XXX.credentials.provider parameter to com.aliyun.emr.fs.auth.EcsStsCredentialsProvider.