do not default cipher key length

Author: maltesander

CHANGELOG.md

@@ -10,7 +10,7 @@ All notable changes to this project will be documented in this file.
   - Use `--file-log-max-files` (or `FILE_LOG_MAX_FILES`) to limit the number of log files kept.
   - Use `--file-log-rotation-period` (or `FILE_LOG_ROTATION_PERIOD`) to configure the frequency of rotation.
   - Use `--console-log-format` (or `CONSOLE_LOG_FORMAT`) to set the format to `plain` (default) or `json`.
-- The operator now sets defaults for `dfs.encrypt.data.transfer.cipher.suite` (`AES/CTR/NoPadding`) and `dfs.encrypt.data.transfer.cipher.key.bitlength` (`128`) to improve security and performance ([#693]).
+- The operator now defaults to `AES/CTR/NoPadding` for `dfs.encrypt.data.transfer.cipher.suite` to improve security and performance ([#693]).
 
 ### Changed
 

docs/modules/hdfs/pages/usage-guide/security.adoc

@@ -33,7 +33,7 @@ The `kerberos.secretClass` is used to give HDFS the possibility to request keyta
 
 The `tlsSecretClass` is needed to request TLS certificates, used e.g. for the Web UIs.
 
-NOTE: The hdfs-operator uses the cipher suite `AES/CTR/NoPadding` with a 128 Bit key per default. This can be changed using config overrides.
+NOTE: The hdfs-operator defaults to `AES/CTR/NoPadding` for `dfs.encrypt.data.transfer.cipher.suite` with a default key length of 128 Bit. This can be changed using config overrides.
 
 === 4. Verify that Kerberos authentication is required
 Use `stackablectl stacklet list` to get the endpoints where the HDFS namenodes are reachable.

rust/operator-binary/src/security/kerberos.rs

@@ -56,7 +56,6 @@ impl HdfsSiteConfigBuilder {
             "dfs.encrypt.data.transfer.cipher.suite",
             "AES/CTR/NoPadding",
         );
-        self.add("dfs.encrypt.data.transfer.cipher.key.bitlength", "128");
         self
     }
 }