[
https://issues.apache.org/jira/browse/HADOOP-15006?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16312157#comment-16312157
]
Xiao Chen commented on HADOOP-15006:
------------------------------------
Had a sync with [~moist], summarizing some points discussed:
- Using a new hadoop crypto would give us more freedom and cleaner interfaces.
- We can be fancy to support hybrid hdfs + s3 setup in crypto commands, but
perhaps only makes sense if we actually support hybrid hadoop cluster.
- I'm okay with option 5 to store BEZI and OEMI, but we should get [~fabbri]'s
comments from his past experience.
- No support on messing with things directly in S3.
- Atomicity is delegated to DynamoDB (read after write), and it seems there
should not be scenarios where the BEZI and OEMI mismatching with the actual dir
/ file in DynamoDB. Need to think about this carefully though since any miss
could become a data loss
> Encrypt S3A data client-side with Hadoop libraries & Hadoop KMS
> ---------------------------------------------------------------
>
> Key: HADOOP-15006
> URL: https://issues.apache.org/jira/browse/HADOOP-15006
> Project: Hadoop Common
> Issue Type: New Feature
> Components: fs/s3, kms
> Reporter: Steve Moist
> Priority: Minor
> Attachments: S3-CSE Proposal.pdf
>
>
> This is for the proposal to introduce Client Side Encryption to S3 in such a
> way that it can leverage HDFS transparent encryption, use the Hadoop KMS to
> manage keys, use the `hdfs crypto` command line tools to manage encryption
> zones in the cloud, and enable distcp to copy from HDFS to S3 (and
> vice-versa) with data still encrypted.
--
This message was sent by Atlassian JIRA
(v6.4.14#64029)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
