ggershinsky commented on pull request #2444:
URL: https://github.com/apache/iceberg/pull/2444#issuecomment-817487539


   Hi guys, regarding the table KEK (or MEK). I think we should always have an 
option (might be the default) to keep the master keys in a KMS, so they can be 
stored in the safe HSM modules, with their access control managed by the 
production-grade IAM systems, etc.
   
   Not all KMS systems support arbitrary key IDs. Some generate master keys 
with a system-specific ID, which can then be used by us for table encryption. In 
other words, we should have an option to take an external key ID as an input 
(instead of generating the ID), and store it in the table's configuration.

