All Products
Search
Document Center

E-MapReduce:Configure a credential provider of OSS or OSS-HDFS by bucket

Last Updated:Mar 26, 2026

When your EMR cluster accesses multiple OSS or OSS-HDFS buckets that belong to different accounts, or have different security requirements, you can assign a separate credential provider to each bucket. The bucket-level setting overrides the global credential configuration for that specific bucket and leaves all other buckets unaffected.

How it works

Set fs.oss.bucket.<bucket-name>.credentials.provider to assign a credential provider to a specific bucket. Replace <bucket-name> with the actual bucket name.

The property accepts a comma-separated list of provider class names. The system tries each provider in order and uses the first one that returns valid credentials.

<configuration>
    <property>
        <name>fs.oss.bucket.XXX.credentials.provider</name>
        <value>com.aliyun.jindodata.oss.auth.SimpleAliyunCredentialsProvider,com.aliyun.jindodata.oss.auth.EnvironmentVariableCredentialsProvider,com.aliyun.jindodata.oss.auth.CommonCredentialsProvider</value>
        <description>Specify the credential provider implementation classes. Separate multiple classes with commas. The system reads credential values in sequence until a valid credential is found.</description>
    </property>
</configuration>

In the preceding code, XXX indicates the name of an OSS or OSS-HDFS bucket.

Choose a credential provider

Select a provider based on your use case:

Provider Full class name Use when
TemporaryCredentialsProvider com.aliyun.jindodata.oss.auth.TemporaryCredentialsProvider Accessing OSS or OSS-HDFS with a time-limited AccessKey pair and security token
SimpleCredentialsProvider com.aliyun.jindodata.oss.auth.SimpleCredentialsProvider Accessing OSS or OSS-HDFS with a permanently valid AccessKey pair
EnvironmentVariableCredentialsProvider com.aliyun.jindodata.oss.auth.EnvironmentVariableCredentialsProvider Reading the AccessKey pair from environment variables
CommonCredentialsProvider com.aliyun.jindodata.oss.auth.CommonCredentialsProvider General-purpose scenarios

TemporaryCredentialsProvider

Use this provider when accessing OSS or OSS-HDFS with a time-limited AccessKey pair and a security token.

Configure the provider

<configuration>
    <property>
        <name>fs.oss.bucket.XXX.credentials.provider</name>
        <value>com.aliyun.jindodata.oss.auth.TemporaryCredentialsProvider</value>
    </property>
</configuration>

Configure the credentials

<configuration>
    <property>
        <name>fs.oss.bucket.XXX.accessKeyId</name>
        <value>The AccessKey ID of the OSS or OSS-HDFS bucket</value>
    </property>
    <property>
        <name>fs.oss.bucket.XXX.accessKeySecret</name>
        <value>The AccessKey secret of the OSS or OSS-HDFS bucket</value>
    </property>
    <property>
        <name>fs.oss.bucket.XXX.securityToken</name>
        <value>The security token of the OSS or OSS-HDFS bucket</value>
    </property>
</configuration>

SimpleCredentialsProvider

Use this provider when accessing OSS or OSS-HDFS with a permanently valid AccessKey pair.

Configure the provider

<configuration>
    <property>
        <name>fs.oss.bucket.XXX.credentials.provider</name>
        <value>com.aliyun.jindodata.oss.auth.SimpleCredentialsProvider</value>
    </property>
</configuration>

Configure the credentials

<configuration>
    <property>
        <name>fs.oss.bucket.XXX.accessKeyId</name>
        <value>The AccessKey ID of the OSS or OSS-HDFS bucket</value>
    </property>
    <property>
        <name>fs.oss.bucket.XXX.accessKeySecret</name>
        <value>The AccessKey secret of the OSS or OSS-HDFS bucket</value>
    </property>
</configuration>

EnvironmentVariableCredentialsProvider

Use this provider when the AccessKey pair is injected through environment variables.

Configure the provider

<configuration>
    <property>
        <name>fs.oss.bucket.XXX.credentials.provider</name>
        <value>com.aliyun.jindodata.oss.auth.EnvironmentVariableCredentialsProvider</value>
    </property>
</configuration>

Configure the environment variables

Set the following variables in your environment variable file:

Environment variable Description
OSS_ACCESS_KEY_ID The AccessKey ID used to access OSS or OSS-HDFS
OSS_ACCESS_KEY_SECRET The AccessKey secret used to access OSS or OSS-HDFS
OSS_SECURITY_TOKEN The security token used to access OSS or OSS-HDFS. Required only when using a time-limited security token.

CommonCredentialsProvider

Use this provider for general-purpose scenarios where credentials are shared across multiple configurations.

Configure the provider

<configuration>
    <property>
        <name>fs.oss.bucket.XXX.credentials.provider</name>
        <value>com.aliyun.jindodata.oss.auth.CommonCredentialsProvider</value>
    </property>
</configuration>

Configure the credentials

<configuration>
    <property>
        <name>jindo.common.accessKeyId</name>
        <value>The AccessKey ID of the OSS or OSS-HDFS bucket</value>
    </property>
    <property>
        <name>jindo.common.accessKeySecret</name>
        <value>The AccessKey secret of the OSS or OSS-HDFS bucket</value>
    </property>
    <property>
        <name>jindo.common.securityToken</name>
        <value>The security token of the OSS or OSS-HDFS bucket. Required only when using a time-limited security token.</value>
    </property>
</configuration>