Re: [PR] GH-41246: [Docs][C++][Python] Improve docs on column encryption for nested fields [arrow]

Tue, 25 Mar 2025 12:14:26 -0700 


EnricoMi commented on code in PR #45411:
URL: https://github.com/apache/arrow/pull/45411#discussion_r2012077997


##########
docs/source/cpp/parquet.rst:
##########
@@ -585,6 +585,51 @@ More specifically, Parquet C++ supports:
 * EncryptionWithFooterKey and EncryptionWithColumnKey modes.
 * Encrypted Footer and Plaintext Footer modes.
 
+Configuration
+~~~~~~~~~~~~~
+
+Parquet encryption uses a ``parquet::encryption::CryptoFactory`` that has 
access to a
+Key Management System (KMS), which stores actual encryption keys, referenced 
by key ids.
+The Parquet encryption configuration only uses key ids, no actual keys.
+
+Parquet metadata encryption is configured via 
``parquet::encryption::EncryptionConfiguration``:
+
+.. literalinclude:: ../../../cpp/examples/arrow/parquet_column_encryption.cc
+   :language: cpp
+   :start-at: // Set write options with encryption configuration
+   :end-before: encryption_config->column_keys
+   :dedent: 2
+
+All columns are encrypted with the same key as the Parquet metadata when above
+``encryption_config->uniform_encryption`` is set ``true``.
+
+Individual columns are encrypted with individual keys as configured via 
``encryption_config->column_keys``.
+This field expects a string of the format 
``"columnKeyID:colName,colName;columnKeyID:colName..."``.
+
+.. literalinclude:: ../../../cpp/examples/arrow/parquet_column_encryption.cc
+   :language: cpp
+   :start-at: // Set write options with encryption configuration
+   :end-before: auto parquet_encryption_config
+   :emphasize-lines: 4-5
+   :dedent: 2
+
+See the full `Parquet column encryption example 
<examples/parquet_column_encryption.html>`_.
+
+.. note::
+
+   Encrypting columns that have nested fields (struct, map, or even list data 
types)
+   requires column keys for the inner fields, not the column itself.
+   Configuring a column key for the column itself causes this error (here 
column name is ``col``):

Review Comment:
   I find `nested column` ambiguous, it sounds like the inner column, the 
nested field.
   
   What about `outer column` instead of `nested column`?
   
   ```suggestion
      Encrypting columns that have nested fields (struct, map, or even list 
data types)
      requires column keys for the inner fields, not the outer column itself.
      Configuring a column key for the outer column causes this error (here 
column name is ``col``):
   ```



-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: github-unsubscr...@arrow.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org

Reply via email to