davidarcher commented on issue #1823: HADOOP-16794 S3 Encryption key is not getting set properly during put operation. URL: https://github.com/apache/hadoop/pull/1823#issuecomment-582749303 > @davidarcher -so if we add an extra header, that will do it? OK. Yeah, it's mentioned in the [S3 docs](https://docs.aws.amazon.com/AmazonS3/latest/dev/UsingKMSEncryption.html#require-sse-kms): > When you upload an object, you can specify the AWS KMS CMK using the `x-amz-server-side-encryption-aws-kms-key-id` header. If the header is not present in the request, Amazon S3 assumes the AWS managed CMK. The "AWS managed CMK" here means the generic `aws/s3` KMS key. For context, my use case is Apache Spark jobs writing to S3 buckets. The client has no encryption settings specified and each bucket is configured with its own KMS key set as the default encryption. We noticed that files were still showing up using the generic `aws/s3` key and determined it is because of this behavior of files being uploaded and then renamed to their final name (and switching to the generic `aws/s3` KMS key due to this bug).
---------------------------------------------------------------- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org With regards, Apache Git Services --------------------------------------------------------------------- To unsubscribe, e-mail: common-issues-unsubscr...@hadoop.apache.org For additional commands, e-mail: common-issues-h...@hadoop.apache.org
