saxenapranav opened a new pull request, #6221: URL: https://github.com/apache/hadoop/pull/6221
This is a revival of PR https://github.com/apache/hadoop/pull/3440. The author of the PR has left the team and hence creating a new PR (as new changes (backmerge with trunk, comment-resolution) can't be pushed to the original pr). Description of the pr: PR introduces use of different customer-provided keys per encrypted file, superseding the global key use in [HADOOP-17536](https://issues.apache.org/jira/browse/HADOOP-17536). Adding ABFS driver support for an EncryptionContextProvider plugin to retrieve encryption information, the implementation for which should be provided by the client. When encryption is activated for an account, file creation will involve ABFS driver fetching an encryption context and encryption key from the provider. These will be sent as request headers to the server, which handles encryption/decryption. The server will store the encryption context as system metadata for a file. Any subsequent REST calls to the server to access data or user metadata will require sending the encryption key headers. The encryption context of a file can be obtained through response headers of a GetPathStatus call, and then used to fetch the encryption key from the encryption provider. New configs: `fs.azure.encryption.encoded.client-provided-key`: Server side encryption key encoded in Base6format `fs.azure.encryption.encoded.client-provided-key-sha`: SHA256 hash of encryption key encoded in Base64format `fs.azure.encryption.context.provider.type`: Custom EncryptionContextProvider type -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected] --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
