jojochuang opened a new pull request, #8530: URL: https://github.com/apache/ozone/pull/8530
## What changes were proposed in this pull request? HDDS-13148. [Docs] Update Transparent Data Encryption doc. Please describe your PR in detail: * Generated-by: Google Gemini 2.5 Pro (Preview) with the following prompt: ``` I want to update the current Ozone's Transparent Data Encryption page https://ozone.apache.org/docs/edge/security/securingtde.html with the following instructions: The Ozone TDE doc is written with the assumption that user is familiar with HDFS TDE, which may not be the case. We should update the doc such that (1) It does not require prior knowledge in HDFS TDE. (2) Ozone can work with Hadoop KMS and Ranger KMS. We should mention Ranger KMS in the doc. (3) For Ranger KMS, encryption key can also be managed by Ranger KMS management console or its REST API. (4) hadoop key create enckey command has additional parameters: -size: specifies key bit length. Ozone supports 128 and 256 bits; -cipher: only AES/CTR/NoPadding (default) is supported as of now. (5) Add reference to Transparent Encryption in HDFS: https://hadoop.apache.org/docs/current/hadoop-project-dist/hadoop-hdfs/TransparentEncryption.html and Hadoop KMS doc: https://hadoop.apache.org/docs/r3.4.1/hadoop-kms/index.html (6) For the section Using Transparent Data Encryption from S3G, we should mention Ozone does not support S3-SSE (Server-Side Encryption) or S3-CSE (Client-Side Encryption). That said, Ozone S3 buckets can be encrypted using Ranger/Hadoop KMS to provide the same guarantee as S3-SSE with client-supplied key (S3 SSE-C). (7) For section KMS Authorization: provide examples. Be succinct. Insert new text to the existing content, instead of rewriting everything. ``` ## What is the link to the Apache JIRA https://issues.apache.org/jira/browse/HDDS-13148 ## How was this patch tested? User doc only update. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@ozone.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org --------------------------------------------------------------------- To unsubscribe, e-mail: issues-unsubscr...@ozone.apache.org For additional commands, e-mail: issues-h...@ozone.apache.org
