SmartData 3.4.0 and later support JindoFS OSS credential providers. You can use a JindoFS OSS credential provider to save an encrypted AccessKey pair into a file. This prevents the AccessKey pair from being leaked.

Configure a JindoFS OSS credential provider

  1. Go to the SmartData service.
    1. Log on to the Alibaba Cloud EMR console.
    2. In the top navigation bar, select the region where your cluster resides. Select the resource group as required. By default, all resources of the account appear.
    3. Click the Cluster Management tab.
    4. On the Cluster Management page that appears, find the target cluster and click Details in the Actions column.
    5. In the left-side navigation pane, click Cluster Service and then SmartData.
  2. Go to the smartdata-site tab.
    1. Click the Configure tab.
    2. In the Service Configuration section, click the smartdata-site tab.
  3. Add configuration information.
    1. In the upper-right corner of the smartdata-site tab, click Custom Configuration.
    2. In the Add Configuration Item dialog box, add one of the parameters described in the following tables.
      • Global configuration (for all buckets)
        Parameter | Description
        fs.jfs.cache.oss.credentials.provider | Specifies the implementation classes of com.aliyun.emr.fs.auth.AliyunCredentialsProvider. Separate multiple classes with commas (,). The system reads credential values in sequence until a valid credential value is found. Example: com.aliyun.emr.fs.auth.TemporaryAliyunCredentialsProvider, com.aliyun.emr.fs.auth.SimpleAliyunCredentialsProvider, com.aliyun.emr.fs.auth.EnvironmentVariableCredentialsProvider.

        For more information about credential providers, see Credential provider types.

      • Bucket-level configuration
        Parameter | Description
        fs.jfs.cache.oss.bucket.XXX.credentials.provider | Specifies the implementation classes of com.aliyun.emr.fs.auth.AliyunCredentialsProvider. Separate multiple classes with commas (,). The system reads credential values in sequence until a valid credential value is found. Example: com.aliyun.emr.fs.auth.TemporaryAliyunCredentialsProvider, com.aliyun.emr.fs.auth.SimpleAliyunCredentialsProvider, com.aliyun.emr.fs.auth.EnvironmentVariableCredentialsProvider.

        For more information about credential providers, see Credential provider types.

        Note: XXX indicates the name of the OSS bucket.
    3. Click OK.
  4. Save the configuration.
    1. In the upper-right corner of the Service Configuration section, click Save.
    2. In the Confirm Changes dialog box, specify Description and turn on Auto-update Configuration.
    3. Click OK.

Credential provider types

You can select different credential providers based on your business requirements:
  • Global configuration
    • TemporaryAliyunCredentialsProvider
      This credential provider is suitable for scenarios in which an AccessKey pair with a validity period and a security token with a validity period are used to access OSS.
      Parameter | Description
      fs.jfs.cache.oss.credentials.provider | Set this parameter to com.aliyun.emr.fs.auth.TemporaryAliyunCredentialsProvider.
      fs.jfs.cache.oss.accessKeyId | The AccessKey ID used to access an OSS bucket.
      fs.jfs.cache.oss.accessKeySecret | The AccessKey secret used to access the OSS bucket.
      fs.jfs.cache.oss.securityToken | The temporary security token used to access the OSS bucket.
    • SimpleAliyunCredentialsProvider
      This credential provider is suitable for scenarios in which an AccessKey pair with a long validity period is used to access OSS.
      Parameter | Description
      fs.jfs.cache.oss.credentials.provider | Set this parameter to com.aliyun.emr.fs.auth.SimpleAliyunCredentialsProvider.
      fs.jfs.cache.oss.accessKeyId | The AccessKey ID used to access an OSS bucket.
      fs.jfs.cache.oss.accessKeySecret | The AccessKey secret used to access the OSS bucket.
    • EnvironmentVariableCredentialsProvider
      To use this credential provider, you must configure the related parameters in environment variables. The parameters are described in the following table.
      Parameter | Description
      fs.jfs.cache.oss.credentials.provider | Set this parameter to com.aliyun.emr.fs.auth.EnvironmentVariableCredentialsProvider.
      ALIYUN_ACCESS_KEY_ID | The AccessKey ID used to access an OSS bucket.
      ALIYUN_ACCESS_KEY_SECRET | The AccessKey secret used to access the OSS bucket.
      ALIYUN_SECURITY_TOKEN | The temporary security token used to access the OSS bucket.
      Note: ALIYUN_SECURITY_TOKEN is required only when you configure a token that has a validity period.
    • JindoCommonCredentialsProvider
      This is a common credential provider. After you configure the parameters described in the following table, you can use this credential provider in both JindoOSS and JindoFS.
      Parameter | Description
      fs.jfs.cache.oss.credentials.provider | Set this parameter to com.aliyun.emr.fs.auth.JindoCommonCredentialsProvider.
      jindo.common.accessKeyId | The AccessKey ID used to access an OSS bucket.
      jindo.common.accessKeySecret | The AccessKey secret used to access the OSS bucket.
      jindo.common.securityToken | The temporary security token used to access the OSS bucket.
    • EcsStsCredentialsProvider
      This credential provider does not require an AccessKey pair. You can access OSS in password-free mode.
      Parameter | Description
      fs.jfs.cache.oss.credentials.provider | Set this parameter to com.aliyun.emr.fs.auth.EcsStsCredentialsProvider.
  • Bucket-level configuration
    • TemporaryAliyunCredentialsProvider
      This credential provider is suitable for scenarios in which an AccessKey pair with a validity period and a security token with a validity period are used to access OSS.
      Parameter | Description
      fs.jfs.cache.oss.bucket.XXX.credentials.provider | Set this parameter to com.aliyun.emr.fs.auth.TemporaryAliyunCredentialsProvider.
      fs.jfs.cache.oss.bucket.XXX.accessKeyId | The AccessKey ID used to access an OSS bucket.
      fs.jfs.cache.oss.bucket.XXX.accessKeySecret | The AccessKey secret used to access the OSS bucket.
      fs.jfs.cache.oss.bucket.XXX.securityToken | The temporary security token used to access the OSS bucket.
    • SimpleAliyunCredentialsProvider
      This credential provider is suitable for scenarios in which an AccessKey pair with a long validity period is used to access OSS.
      Parameter | Description
      fs.jfs.cache.oss.bucket.XXX.credentials.provider | Set this parameter to com.aliyun.emr.fs.auth.SimpleAliyunCredentialsProvider.
      fs.jfs.cache.oss.bucket.XXX.accessKeyId | The AccessKey ID used to access an OSS bucket.
      fs.jfs.cache.oss.bucket.XXX.accessKeySecret | The AccessKey secret used to access the OSS bucket.
    • EnvironmentVariableCredentialsProvider
      To use this credential provider, you must configure the related parameters in environment variables. The parameters are described in the following table.
      Parameter | Description
      fs.jfs.cache.oss.bucket.XXX.credentials.provider | Set this parameter to com.aliyun.emr.fs.auth.EnvironmentVariableCredentialsProvider.
      ALIYUN_ACCESS_KEY_ID | The AccessKey ID used to access an OSS bucket.
      ALIYUN_ACCESS_KEY_SECRET | The AccessKey secret used to access the OSS bucket.
      ALIYUN_SECURITY_TOKEN | The temporary security token used to access the OSS bucket.
      Note: ALIYUN_SECURITY_TOKEN is required only when you configure a token that has a validity period.
    • JindoCommonCredentialsProvider
      This is a common credential provider. After you configure the parameters described in the following table, you can use this credential provider in both JindoOSS and JindoFS.
      Parameter | Description
      fs.jfs.cache.oss.bucket.XXX.credentials.provider | Set this parameter to com.aliyun.emr.fs.auth.JindoCommonCredentialsProvider.
      jindo.common.accessKeyId | The AccessKey ID used to access an OSS bucket.
      jindo.common.accessKeySecret | The AccessKey secret used to access the OSS bucket.
      jindo.common.securityToken | The temporary security token used to access the OSS bucket.
    • EcsStsCredentialsProvider
      This credential provider does not require an AccessKey pair. You can access OSS in password-free mode.
      Parameter | Description
      fs.jfs.cache.oss.bucket.XXX.credentials.provider | Set this parameter to com.aliyun.emr.fs.auth.EcsStsCredentialsProvider.
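
The chained lookup described above ("reads credential values in sequence until a valid credential value is found"), modeled as an added Python example that is not SmartData or JindoFS code; static_secrets additionally lists configuration keys that hold an AccessKey secret with no security token beside it. Assumptions: a bucket-level provider setting overrides the global one, a provider counts as valid when its required values are non-empty, and the bucket names logs and data and all values are constructed.

```python
PKG = "com.aliyun.emr.fs.auth."
GLOBAL = "fs.jfs.cache.oss."
# Values each provider needs; "{p}" is the global or bucket-level key prefix.
# Assumption: optional security tokens are left out of the env/common lists.
REQUIRED = {
    "TemporaryAliyunCredentialsProvider":
        ["{p}accessKeyId", "{p}accessKeySecret", "{p}securityToken"],
    "SimpleAliyunCredentialsProvider": ["{p}accessKeyId", "{p}accessKeySecret"],
    "EnvironmentVariableCredentialsProvider":
        ["env:ALIYUN_ACCESS_KEY_ID", "env:ALIYUN_ACCESS_KEY_SECRET"],
    "JindoCommonCredentialsProvider":
        ["jindo.common.accessKeyId", "jindo.common.accessKeySecret"],
    "EcsStsCredentialsProvider": [],  # needs no AccessKey pair
}

def lookup(key, conf, env):  # "env:NAME" reads the environment mapping
    return env.get(key[4:]) if key.startswith("env:") else conf.get(key)

def resolve(conf, env, bucket):
    """Return the first provider in the chain whose values are all present."""
    # Assumption: a bucket-level provider setting overrides the global one.
    prefix = f"{GLOBAL}bucket.{bucket}."
    if not conf.get(prefix + "credentials.provider"):
        prefix = GLOBAL
    for cls in conf.get(prefix + "credentials.provider", "").split(","):
        name = cls.strip().rsplit(".", 1)[-1]
        needed = REQUIRED.get(name)
        # Assumption: "valid" means every required value is non-empty.
        if needed is not None and all(
                lookup(k.format(p=prefix), conf, env) for k in needed):
            return name
    return None

def static_secrets(conf):
    """Config keys that store an AccessKey secret without a security token."""
    return sorted(k for k, v in conf.items()
                  if v and k.endswith("accessKeySecret")
                  and not conf.get(k[:-len("accessKeySecret")] + "securityToken"))

# Constructed sample values, not real credentials.
CONF = {
    GLOBAL + "credentials.provider": ",".join(PKG + n for n in (
        "TemporaryAliyunCredentialsProvider",
        "EnvironmentVariableCredentialsProvider", "EcsStsCredentialsProvider")),
    GLOBAL + "bucket.logs.credentials.provider": PKG + "SimpleAliyunCredentialsProvider",
    GLOBAL + "bucket.logs.accessKeyId": "EXAMPLE_ID",
    GLOBAL + "bucket.logs.accessKeySecret": "EXAMPLE_SECRET",
}
ENV = {"ALIYUN_ACCESS_KEY_ID": "EXAMPLE_ID", "ALIYUN_ACCESS_KEY_SECRET": "EXAMPLE_SECRET"}
```

Calling resolve(CONF, ENV, "logs") and resolve(CONF, ENV, "data") shows which provider the model selects for each bucket, and static_secrets(CONF) points at the keys to review before saving the configuration.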