pitrou commented on code in PR #47339: URL: https://github.com/apache/arrow/pull/47339#discussion_r2284789986
########## python/pyarrow/_parquet_encryption.pyx: ########## @@ -300,20 +306,29 @@ cdef class KmsConnectionConfig(_Weakrefable): # Callback definitions for CPyKmsClientVtable cdef void _cb_wrap_key( - handler, const c_string& key_bytes, + handler, const CSecureString& key, const c_string& master_key_identifier, c_string* out) except *: + cdef: + cpp_string_view view = key.as_view() + key_bytes = PyObject_to_object( + PyBytes_FromStringAndSizeNative(view.data(), view.size()))

Review Comment: Of course this means the `bytes` object payload won't be cleared securely like the `SecureString` is. We could try to tackle this as a followup issue/PR. `bytes` objects being immutable, this might be a bit delicate...
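
Review bot: The `key_bytes` value built from `view.data()` and `view.size()` in `_cb_wrap_key` is an ordinary Python `bytes` copy of the key, so the key material now also lives outside the `CSecureString` and nothing in this hunk wipes that copy. Please add a comment at the `PyBytes_FromStringAndSizeNative(...)` call recording that the copy is not cleared, so the limitation is documented where it is introduced and is easy to find for the follow-up. It is also not visible here whether a NULL result from `PyBytes_FromStringAndSizeNative` is checked before `PyObject_to_object` wraps it; if `PyObject_to_object` does not do that, the check belongs in this callback.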