Securing internal communications in a Trino cluster

Although securing the coordinator is one of the first things that makes a deployment more productive (and SAFE!), there is still the concern about securing communications between the coordinator-worker(s) so that network snooping is addressed.

Back when everything was tied to Hadoop and Kerberos was the only game in town, using keytabs and SSL were a hard requirement for many.

Since 34x releases, Trino has provided a simpler solution that still provides good security and works without the need to get wrapped up with Kerberos realms and managing keytabs.

Shared Secrets

The idea of a shared secret is one that enables all the nodes in a cluster work with a common key (“secret”) and protects the internal traffic.

As we see from many cloud based deployments, implementing Kerberos is not only difficult to manage but does not (easily) lend itself to cluster elasticity.