Securing internal communications in a Trino cluster

Although securing the coordinator is one of the first things that makes a deployment more productive (and SAFE!), there is still the concern about securing communications between the coordinator-worker(s) so that network snooping is addressed.

Back when everything was tied to Hadoop and Kerberos was the only game in town, using keytabs and SSL were a hard requirement for many.

Since 34x releases, Trino has provided a simpler solution that still provides good security and works without the need to get wrapped up with Kerberos realms and managing keytabs.

Shared Secrets

The idea of a shared secret is one that enables all the nodes in a cluster work with a common key (“secret”) and protects the internal traffic.
https://trino.io/docs/current/security/internal-communication.html

As we see from many cloud based deployments, implementing Kerberos is not only difficult to manage but does not (easily) lend itself to cluster elasticity.