mukund-thakur commented on a change in pull request #2706: URL: https://github.com/apache/hadoop/pull/2706#discussion_r668725098
########## File path: hadoop-tools/hadoop-aws/src/site/markdown/tools/hadoop-aws/index.md ########## @@ -2029,3 +2029,51 @@ signer for all services. For a specific service, the service specific signer is looked up first. If that is not specified, the common signer is looked up. If this is not specified as well, SDK settings are used. + +### <a name="cse"></a> Amazon S3 Client Side Encryption +Amazon S3 Client Side Encryption(CSE), uses `AmazonS3EncryptionClientV2.java +` AmazonS3 client. The encryption and decryption is done in AWS SDK side. Atm +, Only KMS CSE method is supported. + +What is needed to be set to enable CSE for a bucket? +- Create an AWS KMS Key ID from AWS console for your bucket, with same region as + your bucket. +- If already created, [view the kms key ID by these steps.](https://docs.aws.amazon.com/kms/latest/developerguide/find-cmk-id-arn.html) +- Set `fs.s3a.cse.method=KMS`. +- Set `fs.s3a.cse.kms.keyId=<KMS_KEY_ID>`. Review comment: I think property name is wrong. should be `fs.s3a.cse.kms.key-id`. Found while running tests. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected] --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
