This is an automated email from the ASF dual-hosted git repository.
github-bot pushed a commit to branch asf-site
in repository https://gitbox.apache.org/repos/asf/ozone-site.git
The following commit(s) were added to refs/heads/asf-site by this push:
new f970efc9 [auto] Generated docs from Apache Ozone master
c33f8e013e74db702a9d826b70a1618a133e9550
f970efc9 is described below
commit f970efc929487e9d8adf0b5cad36c3fc54cf5d67
Author: Github Actions <[email protected]>
AuthorDate: Thu Oct 23 12:47:16 2025 +0000
[auto] Generated docs from Apache Ozone master
c33f8e013e74db702a9d826b70a1618a133e9550
---
docs/edge/en/sitemap.xml | 2 +-
docs/edge/interface/ofs.html | 2 +-
docs/edge/security/securings3.html | 152 ++++++++++++++++++++++++++++++++++++-
docs/edge/sitemap.xml | 2 +-
4 files changed, 154 insertions(+), 4 deletions(-)
diff --git a/docs/edge/en/sitemap.xml b/docs/edge/en/sitemap.xml
index 41bd857c..cbff2898 100644
--- a/docs/edge/en/sitemap.xml
+++ b/docs/edge/en/sitemap.xml
@@ -374,7 +374,7 @@
<lastmod>2025-09-04T19:14:00+05:30</lastmod>
</url><url>
<loc>/security/securings3.html</loc>
- <lastmod>2025-04-03T04:52:21-07:00</lastmod>
+ <lastmod>2025-10-23T04:54:54-07:00</lastmod>
<xhtml:link
rel="alternate"
hreflang="zh"
diff --git a/docs/edge/interface/ofs.html b/docs/edge/interface/ofs.html
index cf720ba1..061d3182 100644
--- a/docs/edge/interface/ofs.html
+++ b/docs/edge/interface/ofs.html
@@ -670,7 +670,7 @@ For example:</p>
<p>Or use the put command to write a file to the bucket.</p>
<div class="highlight"><pre tabindex="0"
style="color:#f8f8f2;background-color:#272822;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code
class="language-bash" data-lang="bash"><span style="display:flex;"><span>hdfs
dfs -put /etc/hosts /volume1/bucket1/test</span></span></code></pre></div>
<p>For more usage, see: <a
href="https://issues.apache.org/jira/secure/attachment/12987636/Design%20ofs%20v1.pdf";>https://issues.apache.org/jira/secure/attachment/12987636/Design%20ofs%20v1.pdf</a></p>
-<h2 id="differences-from-o3fshahahugoshortcode123s5hbhb">Differences from <a
href="../interface/o3fs.html">o3fs</a></h2>
+<h2 id="differences-from-o3fshahahugoshortcode117s5hbhb">Differences from <a
href="../interface/o3fs.html">o3fs</a></h2>
<h3 id="creating-files">Creating files</h3>
<p>OFS doesn’t allow creating keys(files) directly under root or volumes.
Users will receive an error message when they try to do that:</p>
diff --git a/docs/edge/security/securings3.html
b/docs/edge/security/securings3.html
index 0311bc8d..165a9b6a 100644
--- a/docs/edge/security/securings3.html
+++ b/docs/edge/security/securings3.html
@@ -687,6 +687,156 @@ Ozone now provides a REST API endpoint that allows
administrators to revoke S3 a
<blockquote>
<p><strong>Note:</strong> Ensure your Kerberos authentication is correctly
configured, as secret revocation is a privileged operation.</p>
</blockquote>
+<h2 id="external-s3-secret-storage-with-hashicorp-vault">External S3 Secret
Storage with HashiCorp Vault</h2>
+<p>By default, S3 secrets are stored in the Ozone Manager’s RocksDB. For
enhanced security, Ozone can be configured to use HashiCorp Vault as an
external secret storage backend.</p>
+<h3 id="configuration">Configuration</h3>
+<p>To enable Vault integration, you need to configure the following properties
in <code>ozone-site.xml</code>:</p>
+<table>
+ <thead>
+ <tr>
+ <th>Property</th>
+ <th>Description</th>
+ </tr>
+ </thead>
+ <tbody>
+ <tr>
+ <td><code>ozone.secret.s3.store.provider</code></td>
+ <td>The S3 secret storage provider to use. Set this to
<code>org.apache.hadoop.ozone.s3.remote.vault.VaultS3SecretStorageProvider</code>
to enable Vault.</td>
+ </tr>
+ <tr>
+ <td><code>ozone.secret.s3.store.remote.vault.address</code></td>
+ <td>The address of the Vault server (e.g.,
<code>http://vault:8200</code>).</td>
+ </tr>
+ <tr>
+ <td><code>ozone.secret.s3.store.remote.vault.namespace</code></td>
+ <td>The Vault namespace to use.</td>
+ </tr>
+ <tr>
+ <td><code>ozone.secret.s3.store.remote.vault.enginever</code></td>
+ <td>The version of the Vault secrets engine (e.g.,
<code>2</code>).</td>
+ </tr>
+ <tr>
+ <td><code>ozone.secret.s3.store.remote.vault.secretpath</code></td>
+ <td>The path where the secrets are stored in Vault.</td>
+ </tr>
+ <tr>
+ <td><code>ozone.secret.s3.store.remote.vault.auth</code></td>
+ <td>The authentication method to use with Vault. Supported values
are <code>TOKEN</code> and <code>APPROLE</code>.</td>
+ </tr>
+ <tr>
+ <td><code>ozone.secret.s3.store.remote.vault.auth.token</code></td>
+ <td>The Vault authentication token. Required if
<code>ozone.secret.s3.store.remote.vault.auth</code> is set to
<code>TOKEN</code>.</td>
+ </tr>
+ <tr>
+
<td><code>ozone.secret.s3.store.remote.vault.auth.approle.id</code></td>
+ <td>The AppRole RoleID. Required if
<code>ozone.secret.s3.store.remote.vault.auth</code> is set to
<code>APPROLE</code>.</td>
+ </tr>
+ <tr>
+
<td><code>ozone.secret.s3.store.remote.vault.auth.approle.secret</code></td>
+ <td>The AppRole SecretID. Required if
<code>ozone.secret.s3.store.remote.vault.auth</code> is set to
<code>APPROLE</code>.</td>
+ </tr>
+ <tr>
+
<td><code>ozone.secret.s3.store.remote.vault.auth.approle.path</code></td>
+ <td>The AppRole path. Required if
<code>ozone.secret.s3.store.remote.vault.auth</code> is set to
<code>APPROLE</code>.</td>
+ </tr>
+ <tr>
+
<td><code>ozone.secret.s3.store.remote.vault.trust.store.type</code></td>
+ <td>The type of the trust store (e.g., <code>JKS</code>).</td>
+ </tr>
+ <tr>
+
<td><code>ozone.secret.s3.store.remote.vault.trust.store.path</code></td>
+ <td>The path to the trust store file.</td>
+ </tr>
+ <tr>
+
<td><code>ozone.secret.s3.store.remote.vault.trust.store.password</code></td>
+ <td>The password for the trust store.</td>
+ </tr>
+ <tr>
+
<td><code>ozone.secret.s3.store.remote.vault.key.store.type</code></td>
+ <td>The type of the key store (e.g., <code>JKS</code>).</td>
+ </tr>
+ <tr>
+
<td><code>ozone.secret.s3.store.remote.vault.key.store.path</code></td>
+ <td>The path to the key store file.</td>
+ </tr>
+ <tr>
+
<td><code>ozone.secret.s3.store.remote.vault.key.store.password</code></td>
+ <td>The password for the key store.</td>
+ </tr>
+ </tbody>
+</table>
+<h3 id="example">Example</h3>
+<p>Here is an example of how to configure Ozone to use Vault for S3 secret
storage with token authentication:</p>
+<div class="highlight"><pre tabindex="0"
style="color:#f8f8f2;background-color:#272822;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code
class="language-xml" data-lang="xml"><span style="display:flex;"><span><span
style="color:#f92672"><property></span>
+</span></span><span style="display:flex;"><span> <span
style="color:#f92672"><name></span>ozone.secret.s3.store.provider<span
style="color:#f92672"></name></span>
+</span></span><span style="display:flex;"><span> <span
style="color:#f92672"><value></span>org.apache.hadoop.ozone.s3.remote.vault.VaultS3SecretStorageProvider<span
style="color:#f92672"></value></span>
+</span></span><span style="display:flex;"><span><span
style="color:#f92672"></property></span>
+</span></span><span style="display:flex;"><span><span
style="color:#f92672"><property></span>
+</span></span><span style="display:flex;"><span> <span
style="color:#f92672"><name></span>ozone.secret.s3.store.remote.vault.address<span
style="color:#f92672"></name></span>
+</span></span><span style="display:flex;"><span> <span
style="color:#f92672"><value></span>http://localhost:8200<span
style="color:#f92672"></value></span>
+</span></span><span style="display:flex;"><span><span
style="color:#f92672"></property></span>
+</span></span><span style="display:flex;"><span><span
style="color:#f92672"><property></span>
+</span></span><span style="display:flex;"><span> <span
style="color:#f92672"><name></span>ozone.secret.s3.store.remote.vault.enginever<span
style="color:#f92672"></name></span>
+</span></span><span style="display:flex;"><span> <span
style="color:#f92672"><value></span>2<span
style="color:#f92672"></value></span>
+</span></span><span style="display:flex;"><span><span
style="color:#f92672"></property></span>
+</span></span><span style="display:flex;"><span><span
style="color:#f92672"><property></span>
+</span></span><span style="display:flex;"><span> <span
style="color:#f92672"><name></span>ozone.secret.s3.store.remote.vault.secretpath<span
style="color:#f92672"></name></span>
+</span></span><span style="display:flex;"><span> <span
style="color:#f92672"><value></span>secret<span
style="color:#f92672"></value></span>
+</span></span><span style="display:flex;"><span><span
style="color:#f92672"></property></span>
+</span></span><span style="display:flex;"><span><span
style="color:#f92672"><property></span>
+</span></span><span style="display:flex;"><span> <span
style="color:#f92672"><name></span>ozone.secret.s3.store.remote.vault.auth<span
style="color:#f92672"></name></span>
+</span></span><span style="display:flex;"><span> <span
style="color:#f92672"><value></span>TOKEN<span
style="color:#f92672"></value></span>
+</span></span><span style="display:flex;"><span><span
style="color:#f92672"></property></span>
+</span></span><span style="display:flex;"><span><span
style="color:#f92672"><property></span>
+</span></span><span style="display:flex;"><span> <span
style="color:#f92672"><name></span>ozone.secret.s3.store.remote.vault.auth.token<span
style="color:#f92672"></name></span>
+</span></span><span style="display:flex;"><span> <span
style="color:#f92672"><value></span>your-vault-token<span
style="color:#f92672"></value></span>
+</span></span><span style="display:flex;"><span><span
style="color:#f92672"></property></span>
+</span></span></code></pre></div><h3 id="example-with-ssl">Example with
SSL</h3>
+<p>Here is an example of how to configure Ozone to use Vault for S3 secret
storage with SSL:</p>
+<div class="highlight"><pre tabindex="0"
style="color:#f8f8f2;background-color:#272822;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code
class="language-xml" data-lang="xml"><span style="display:flex;"><span><span
style="color:#f92672"><property></span>
+</span></span><span style="display:flex;"><span> <span
style="color:#f92672"><name></span>ozone.secret.s3.store.provider<span
style="color:#f92672"></name></span>
+</span></span><span style="display:flex;"><span> <span
style="color:#f92672"><value></span>org.apache.hadoop.ozone.s3.remote.vault.VaultS3SecretStorageProvider<span
style="color:#f92672"></value></span>
+</span></span><span style="display:flex;"><span><span
style="color:#f92672"></property></span>
+</span></span><span style="display:flex;"><span><span
style="color:#f92672"><property></span>
+</span></span><span style="display:flex;"><span> <span
style="color:#f92672"><name></span>ozone.secret.s3.store.remote.vault.address<span
style="color:#f92672"></name></span>
+</span></span><span style="display:flex;"><span> <span
style="color:#f92672"><value></span>https://localhost:8200<span
style="color:#f92672"></value></span>
+</span></span><span style="display:flex;"><span><span
style="color:#f92672"></property></span>
+</span></span><span style="display:flex;"><span><span
style="color:#f92672"><property></span>
+</span></span><span style="display:flex;"><span> <span
style="color:#f92672"><name></span>ozone.secret.s3.store.remote.vault.enginever<span
style="color:#f92672"></name></span>
+</span></span><span style="display:flex;"><span> <span
style="color:#f92672"><value></span>2<span
style="color:#f92672"></value></span>
+</span></span><span style="display:flex;"><span><span
style="color:#f92672"></property></span>
+</span></span><span style="display:flex;"><span><span
style="color:#f92672"><property></span>
+</span></span><span style="display:flex;"><span> <span
style="color:#f92672"><name></span>ozone.secret.s3.store.remote.vault.secretpath<span
style="color:#f92672"></name></span>
+</span></span><span style="display:flex;"><span> <span
style="color:#f92672"><value></span>secret<span
style="color:#f92672"></value></span>
+</span></span><span style="display:flex;"><span><span
style="color:#f92672"></property></span>
+</span></span><span style="display:flex;"><span><span
style="color:#f92672"><property></span>
+</span></span><span style="display:flex;"><span> <span
style="color:#f92672"><name></span>ozone.secret.s3.store.remote.vault.auth<span
style="color:#f92672"></name></span>
+</span></span><span style="display:flex;"><span> <span
style="color:#f92672"><value></span>TOKEN<span
style="color:#f92672"></value></span>
+</span></span><span style="display:flex;"><span><span
style="color:#f92672"></property></span>
+</span></span><span style="display:flex;"><span><span
style="color:#f92672"><property></span>
+</span></span><span style="display:flex;"><span> <span
style="color:#f92672"><name></span>ozone.secret.s3.store.remote.vault.auth.token<span
style="color:#f92672"></name></span>
+</span></span><span style="display:flex;"><span> <span
style="color:#f92672"><value></span>your-vault-token<span
style="color:#f92672"></value></span>
+</span></span><span style="display:flex;"><span><span
style="color:#f92672"></property></span>
+</span></span><span style="display:flex;"><span><span
style="color:#f92672"><property></span>
+</span></span><span style="display:flex;"><span> <span
style="color:#f92672"><name></span>ozone.secret.s3.store.remote.vault.trust.store.path<span
style="color:#f92672"></name></span>
+</span></span><span style="display:flex;"><span> <span
style="color:#f92672"><value></span>/path/to/truststore.jks<span
style="color:#f92672"></value></span>
+</span></span><span style="display:flex;"><span><span
style="color:#f92672"></property></span>
+</span></span><span style="display:flex;"><span><span
style="color:#f92672"><property></span>
+</span></span><span style="display:flex;"><span> <span
style="color:#f92672"><name></span>ozone.secret.s3.store.remote.vault.trust.store.password<span
style="color:#f92672"></name></span>
+</span></span><span style="display:flex;"><span> <span
style="color:#f92672"><value></span>truststore-password<span
style="color:#f92672"></value></span>
+</span></span><span style="display:flex;"><span><span
style="color:#f92672"></property></span>
+</span></span><span style="display:flex;"><span><span
style="color:#f92672"><property></span>
+</span></span><span style="display:flex;"><span> <span
style="color:#f92672"><name></span>ozone.secret.s3.store.remote.vault.key.store.path<span
style="color:#f92672"></name></span>
+</span></span><span style="display:flex;"><span> <span
style="color:#f92672"><value></span>/path/to/keystore.jks<span
style="color:#f92672"></value></span>
+</span></span><span style="display:flex;"><span><span
style="color:#f92672"></property></span>
+</span></span><span style="display:flex;"><span><span
style="color:#f92672"><property></span>
+</span></span><span style="display:flex;"><span> <span
style="color:#f92672"><name></span>ozone.secret.s3.store.remote.vault.key.store.password<span
style="color:#f92672"></name></span>
+</span></span><span style="display:flex;"><span> <span
style="color:#f92672"><value></span>keystore-password<span
style="color:#f92672"></value></span>
+</span></span><span style="display:flex;"><span><span
style="color:#f92672"></property></span>
+</span></span></code></pre></div><h3 id="references">References</h3>
+<ul>
+<li><a href="https://developer.hashicorp.com/vault/docs";>HashiCorp Vault
Documentation</a></li>
+</ul>
@@ -706,7 +856,7 @@ Ozone now provides a REST API endpoint that allows
administrators to revoke S3 a
<footer class="footer">
<div class="container">
<span class="small text-muted">
- Version: 2.1.0-SNAPSHOT, Last Modified: April 3, 2025 <a
class="hide-child link primary-color"
href="https://github.com/apache/ozone/commit/ed0111582f913ea9d67de0c8bea6445b8a653759";>ed0111582f</a>
+ Version: 2.1.0-SNAPSHOT, Last Modified: October 23, 2025 <a
class="hide-child link primary-color"
href="https://github.com/apache/ozone/commit/c33f8e013e74db702a9d826b70a1618a133e9550";>c33f8e013e</a>
</span>
</div>
</footer>
diff --git a/docs/edge/sitemap.xml b/docs/edge/sitemap.xml
index 83cb1794..a2088e11 100644
--- a/docs/edge/sitemap.xml
+++ b/docs/edge/sitemap.xml
@@ -4,7 +4,7 @@
<sitemap>
<loc>/en/sitemap.xml</loc>
- <lastmod>2025-10-16T09:06:36+05:30</lastmod>
+ <lastmod>2025-10-23T04:54:54-07:00</lastmod>
</sitemap>
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
