[ https://issues.apache.org/jira/browse/HADOOP-13887?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15905750#comment-15905750 ]
Steve Loughran commented on HADOOP-13887:
-----------------------------------------
Most (all?) of us don't know about how S3 client-side encryption works, so
these details are not something we necessarily have valid opinions on.

A simpler set of options is way easier to test & document, unless people have a
very special need for custom things. Custom stuff can always be added in
future if there is lots of pent-up demand, but if it goes in now, it can never be
taken away.

What I do want to do is make sure that we don't endanger security by leaking
secrets (e.g. logging them), or by not actually encrypting data the way we
promise. What can be done there is the same test we now have for SSE: verify
that a different S3A client cannot read data written by one with different
secrets.
> Support for client-side encryption in S3A file system
> -----------------------------------------------------
>
> Key: HADOOP-13887
> URL: https://issues.apache.org/jira/browse/HADOOP-13887
> Project: Hadoop Common
> Issue Type: Sub-task
> Components: fs/s3
> Affects Versions: 2.8.0
> Reporter: Jeeyoung Kim
> Assignee: Igor Mazur
> Priority: Minor
> Attachments: HADOOP-14171-001.patch
>
>
> Expose the client-side encryption option documented in Amazon S3
> documentation -
> http://docs.aws.amazon.com/AmazonS3/latest/dev/UsingClientSideEncryption.html
> Currently this is not exposed in Hadoop but it is exposed as an option in AWS
> Java SDK, which Hadoop currently includes. It should be trivial to propagate
> this as a parameter passed to the S3client used in S3AFileSystem.java