Re: [PR] REST encryption integration [iceberg]

Sat, 01 Nov 2025 15:41:58 -0700 


huaxingao commented on code in PR #13225:
URL: https://github.com/apache/iceberg/pull/13225#discussion_r2483981686


##########
core/src/main/java/org/apache/iceberg/rest/RESTTableOperations.java:
##########
@@ -166,7 +208,67 @@ public void commit(TableMetadata base, TableMetadata 
metadata) {
 
   @Override
   public FileIO io() {
-    return io;
+    if (encryptionKeyId == null) {
+      return io;
+    }
+
+    if (encryptingFileIO == null) {
+      encryptingFileIO = EncryptingFileIO.combine(io, encryption());
+    }
+
+    return encryptingFileIO;
+  }
+
+  @Override
+  public EncryptionManager encryption() {
+    if (encryptionManager != null) {
+      return encryptionManager;
+    }
+
+    if (encryptionKeyId != null) {
+      if (kmsClient == null) {
+        throw new RuntimeException(
+            "Cant create encryption manager, because key management client is 
not set");
+      }
+
+      Map<String, String> tableProperties = Maps.newHashMap();
+      tableProperties.put(TableProperties.ENCRYPTION_TABLE_KEY, 
encryptionKeyId);
+      tableProperties.put(
+          TableProperties.ENCRYPTION_DEK_LENGTH, 
String.valueOf(encryptionDekLength));
+      encryptionManager =
+          EncryptionUtil.createEncryptionManager(
+              encryptedKeysFromMetadata, tableProperties, kmsClient);
+    } else {
+      return PlaintextEncryptionManager.instance();
+    }
+
+    return encryptionManager;
+  }
+
+  private void encryptionPropsFromMetadata(TableMetadata metadata) {

Review Comment:
   Thanks all. I’m aligned with the direction:
   - Server as source of truth: store encryption.key-id and 
encryption.dek-length in a trusted DB (not metadata.json).
   - LOAD: server returns these in LoadTableResponse.config
   - COMMIT: server rejects removals/mismatches with 409. For rotation, update 
the DB mapping; clients pick it up on next LOAD.
   - Doc: +1 to document this (threats + MUST/SHOULD). AES‑GCM shouldn’t be 
required; if a server chooses to invest in it, that’s fine. Recommend integrity 
defenses for implementations that keep metadata.json in object storage.



-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: [email protected]

For queries about this service, please contact Infrastructure at:
[email protected]


---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Reply via email to