T - The type of the token identifier

@InterfaceAudience.Public @InterfaceStability.Evolving public abstract class SecretManager<T extends TokenIdentifier> extends Object

| Constructor and Description | 
|---|
| SecretManager() | 
| Modifier and Type | Method and Description | 
|---|---|
| void | checkAvailableForRead() - No-op if the secret manager is available for reading tokens, throws a StandbyException otherwise. |
| abstract T | createIdentifier() - Create an empty token identifier. |
| static byte[] | createPassword(byte[] identifier, SecretKey key) - Compute the HMAC of the identifier using the secret key and return the output as the password. |
| protected abstract byte[] | createPassword(T identifier) - Create the password for the given identifier. |
| protected static SecretKey | createSecretKey(byte[] key) - Convert the byte[] to a secret key. |
| protected SecretKey | generateSecret() - Generate a new random secret key. |
| byte[] | retriableRetrievePassword(T identifier) - The same functionality as retrievePassword(T), except that this method can throw a RetriableException or a StandbyException to indicate that the client can retry/failover the same operation because of a temporary issue on the server side. |
| abstract byte[] | retrievePassword(T identifier) - Retrieve the password for the given token identifier. |
protected abstract byte[] createPassword(T identifier)

identifier - the identifier to use

public abstract byte[] retrievePassword(T identifier) throws org.apache.hadoop.security.token.SecretManager.InvalidToken

identifier - the identifier to validate

org.apache.hadoop.security.token.SecretManager.InvalidToken - the token was invalid

public byte[] retriableRetrievePassword(T identifier) throws org.apache.hadoop.security.token.SecretManager.InvalidToken, org.apache.hadoop.ipc.StandbyException, org.apache.hadoop.ipc.RetriableException, IOException

The same functionality as retrievePassword(T), except that this method can throw a RetriableException or a StandbyException to indicate that the client can retry/failover the same operation because of a temporary issue on the server side.

identifier - the identifier to validate

org.apache.hadoop.security.token.SecretManager.InvalidToken - the token was invalid

org.apache.hadoop.ipc.StandbyException - the server is in standby state, the client can try other servers

org.apache.hadoop.ipc.RetriableException - the token was invalid, and the server thinks this may be a temporary issue and suggests the client to retry

IOException - to allow future exceptions to be added without breaking compatibility

public abstract T createIdentifier()

public void checkAvailableForRead() throws org.apache.hadoop.ipc.StandbyException

org.apache.hadoop.ipc.StandbyException - if the secret manager is not available to read tokens

protected SecretKey generateSecret()

public static byte[] createPassword(byte[] identifier, SecretKey key)

identifier - the bytes of the identifier

key - the secret key

protected static SecretKey createSecretKey(byte[] key)

key - the byte[] to create a secret key from

Copyright © 2025 Apache Software Foundation. All rights reserved.