ggershinsky commented on pull request #3470: URL: https://github.com/apache/iceberg/pull/3470#issuecomment-965095237
> @rdblue do you have any comments around the approach to go here? Ryan, your feedback will be appreciated. This doc section expands on this subject - https://docs.google.com/document/d/19O_qiQumz_66CdWLpw38GFJEsUpnNxXckP9rnYIQnCo/edit#heading=h.bq3t7sd49j30 Or, if I try to compress this subject in a few sentences, it would be something like this: - For new usecases, we create a minimal interface, based on the standard "envelope encryption" practice, and designed to enable connection to KMS/IAM of any org. - For existing usecases (if any) and for orgs that for some reason don't want to use envelope encryption (I currently can't see why), we will continue to support the EncryptionManager interface, and will add a missing code that can actually load these custom implementations; but this support shouldn't affect the simplicity/cleanliness of the new interface. - Finally (a smaller point), the new interface will allow users to plug custom file encryptors into the envelope encryption system, if they are not satisfied with the Iceberg built-in file encryptors (PME, ORC, GcmStream, AwsS3ClientStream). cc @rdblue -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected] --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
