andersonm-ibm opened a new pull request #4080: URL: https://github.com/apache/iceberg/pull/4080
An implementation of the KmsClient API where master encryption keys are managed in Hashicorp Vault by its transit engine. The KMS client is configured with Hadoop configuration properties: ``` keystore.kms.client.access.token keystore.kms.client.instance.url ``` The token is passed as a hadoop property and not as an environment variable because of consistency. Security of the token is less of an issue here than in a file keystore, since it should be a non-root token that has a time-to-live (TTL). This PR depends on the encryption PRs, in particular the KMS client interface : https://github.com/apache/iceberg/pull/3470/. @ggershinsky -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected] --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
