[
https://issues.apache.org/jira/browse/HADOOP-17912?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17779486#comment-17779486
]
ASF GitHub Bot commented on HADOOP-17912:
-----------------------------------------
saxenapranav opened a new pull request, #6221:
URL: https://github.com/apache/hadoop/pull/6221
This is a revival of PR https://github.com/apache/hadoop/pull/3440. The
author of that PR has left the team, hence a new PR is being created (as new
changes (backmerge with trunk, comment-resolution) can't be pushed to the
original PR).
Description of the PR:
PR introduces use of different customer-provided keys per encrypted file,
superseding the global key use in
[HADOOP-17536](https://issues.apache.org/jira/browse/HADOOP-17536).
Adding ABFS driver support for an EncryptionContextProvider plugin to
retrieve encryption information, the implementation for which should be
provided by the client. When encryption is activated for an account, file
creation will involve ABFS driver fetching an encryption context and encryption
key from the provider. These will be sent as request headers to the server,
which handles encryption/decryption. The server will store the encryption
context as system metadata for a file. Any subsequent REST calls to the server
to access data or user metadata will require sending the encryption key
headers. The encryption context of a file can be obtained through response
headers of a GetPathStatus call, and then used to fetch the encryption key from
the encryption provider.
New configs:
`fs.azure.encryption.encoded.client-provided-key`: Server side encryption key encoded in Base64 format
`fs.azure.encryption.encoded.client-provided-key-sha`: SHA256 hash of encryption key encoded in Base64 format
`fs.azure.encryption.context.provider.type`: Custom EncryptionContextProvider type
> ABFS: Support for Encryption Context
> ------------------------------------
>
> Key: HADOOP-17912
> URL: https://issues.apache.org/jira/browse/HADOOP-17912
> Project: Hadoop Common
> Issue Type: Sub-task
> Components: fs/azure
> Affects Versions: 3.3.1
> Reporter: Sumangala Patki
> Assignee: Pranav Saxena
> Priority: Major
> Labels: pull-request-available
> Time Spent: 1h
> Remaining Estimate: 0h
>
> Support for customer-provided encryption keys at the file level, superseding
> the global (account-level) key use in HADOOP-17536.
> ABFS driver will support an "EncryptionContext" plugin for retrieving
> encryption information, the implementation for which should be provided by
> the client. The keys/context retrieved will be sent via request headers to
> the server, which will store the encryption context. Subsequent REST calls to
> server that access data/user metadata of the file will require fetching the
> encryption context through a GetFileProperties call and retrieving the key
> from the custom provider, before sending the request.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
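The header flow described in the PR text above, as an added example that is not part of the original message or of the Hadoop code base. Assumptions: `ToyContextProvider`, `MASTER_SECRET` and the HMAC-based key derivation are hypothetical stand-ins for a client-supplied provider; the `x-ms-encryption-*` header names are Azure Storage's customer-provided-key headers and do not appear in this message; the SHA-256 is taken over the raw key bytes; the context is sent as plain ASCII.

```python
import base64
import hashlib
import hmac
import os

# Constructed sample secret; a real provider would fetch keys from a KMS.
MASTER_SECRET = bytes(range(32))


def encode_key(key):
    """Return (Base64 key, Base64 SHA-256 of the raw key bytes)."""
    if len(key) != 32:
        raise ValueError("expected a 256-bit key")
    return (base64.b64encode(key).decode(),
            base64.b64encode(hashlib.sha256(key).digest()).decode())


class ToyContextProvider:
    """Hypothetical provider; not the ABFS EncryptionContextProvider interface."""

    def new_context(self, path):
        return os.urandom(16).hex().encode()

    def key_for(self, path, context):
        # Per-file key bound to path and context, so no global key is reused.
        msg = path.encode() + b"\0" + context
        return hmac.new(MASTER_SECRET, msg, hashlib.sha256).digest()


def key_headers(key):
    b64_key, b64_sha = encode_key(key)
    return {"x-ms-encryption-key": b64_key,
            "x-ms-encryption-key-sha256": b64_sha,
            "x-ms-encryption-algorithm": "AES256"}


def create_headers(provider, path):
    context = provider.new_context(path)
    headers = key_headers(provider.key_for(path, context))
    headers["x-ms-encryption-context"] = context.decode()  # stored by the server
    return headers


def read_headers(provider, path, path_status_response):
    # The context comes back in the GetPathStatus response headers.
    context = path_status_response["x-ms-encryption-context"].encode()
    return key_headers(provider.key_for(path, context))
```

Only file creation carries the context; later calls send just the key headers, recomputed from the context the server returns.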