[GitHub] [jackrabbit-oak] mreutegg commented on a diff in pull request #960: OAK-10093 : provided support for SSE Customer Keys for AWS

Thu, 15 Jun 2023 02:50:35 -0700 


mreutegg commented on code in PR #960:
URL: https://github.com/apache/jackrabbit-oak/pull/960#discussion_r1230694091


##########
oak-blob-cloud/src/main/java/org/apache/jackrabbit/oak/blob/cloud/s3/S3Constants.java:
##########
@@ -107,11 +107,23 @@ public final class S3Constants {
      */
     public static final String S3_ENCRYPTION_SSE_KMS = "SSE_KMS";
 
+    /**
+     *  Constant to set SSE_KMS encryption.

Review Comment:
   I think this comment is wrong.
   ```suggestion
        *  Constant to set SSE_C encryption.
   ```



##########
oak-blob-cloud/src/main/java/org/apache/jackrabbit/oak/blob/cloud/s3/S3Constants.java:
##########
@@ -107,11 +107,23 @@ public final class S3Constants {
      */
     public static final String S3_ENCRYPTION_SSE_KMS = "SSE_KMS";
 
+    /**
+     *  Constant to set SSE_KMS encryption.
+     */
+    public static final String S3_ENCRYPTION_SSE_C = "SSE_C";
+
     /**
      *  Constant to set keyID for SSE_KMS encryption.
      */
     public static final String S3_SSE_KMS_KEYID = "kmsKeyId";
 
+    /**
+     *  Constant to set base64 encoded keyID for SSE_C encryption.

Review Comment:
   I think keyID is misleading. This is the actual customer key.



##########
oak-blob-cloud/src/main/java/org/apache/jackrabbit/oak/blob/cloud/s3/S3Constants.java:
##########
@@ -107,11 +107,23 @@ public final class S3Constants {
      */
     public static final String S3_ENCRYPTION_SSE_KMS = "SSE_KMS";
 
+    /**
+     *  Constant to set SSE_KMS encryption.
+     */
+    public static final String S3_ENCRYPTION_SSE_C = "SSE_C";
+
     /**
      *  Constant to set keyID for SSE_KMS encryption.
      */
     public static final String S3_SSE_KMS_KEYID = "kmsKeyId";
 
+    /**
+     *  Constant to set base64 encoded keyID for SSE_C encryption.
+     */
+    // please use  'openssl rand -base64 -out ssec.key 32' command to
+    // generate base64 encoded 32 bytes string customer key for SSE_C
+    public static final String S3_SSE_C_KEYID = "sseCustomerKeyId";

Review Comment:
   I would rename this.
   ```suggestion
       public static final String S3_SSE_C_KEY = "sseCustomerKey";
   ```



-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: [email protected]

For queries about this service, please contact Infrastructure at:
[email protected]

Reply via email to