collado-mike commented on PR #1424: URL: https://github.com/apache/polaris/pull/1424#issuecomment-2844180646
> while there is still not an issue with users who are only using SSE, if the user is using CSE anywhere else within their AWS account, this could present a security issue as credentials vended by Polaris could be used by a malicious user against CSE objects.

Notably, if any KMS keys that the IAM role has access to are being used for anything client-side (e.g., encrypted DDB, or local files or anything really), the caller can use the credentials vended to immediately start decrypting anything with those keys.

I know there is some churn in the encryption configuration in Iceberg, but I also know that `s3.sse.key` is a property that's currently used to specify the KMS key associated with a table. The current `getSubscopedCreds` API doesn't take in table properties now, but can we make that change to allow specific keys to be passed in and added to the policy?
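The scoping requested in this comment, sketched as an added example that is not part of the comment or of the Polaris code base: a session policy whose KMS statement names only the key from the table's `s3.sse.key` property. The function names are hypothetical, the property is assumed to hold a full key ARN in the `aws` partition, and the `kms:ViaService` condition is an extra restriction beyond what the comment asks for.

```python
import re

# Assumption: the key is given as a full KMS key ARN in the "aws" partition.
KEY_ARN = re.compile(r"arn:aws:kms:([a-z0-9-]+):\d{12}:key/[0-9a-zA-Z-]+")


def kms_statement(table_props, writable):
    """Build the KMS statement for one table, or None when it has no key."""
    key_arn = table_props.get("s3.sse.key")
    if key_arn is None:
        return None  # no key configured: grant no KMS access at all
    match = KEY_ARN.fullmatch(key_arn)
    if match is None:
        # Table properties are caller-controlled; a value such as "*" or an
        # ARN with wildcards must never reach the Resource element.
        raise ValueError(f"not a plain KMS key ARN: {key_arn!r}")
    actions = ["kms:Decrypt"]
    if writable:
        actions.append("kms:GenerateDataKey")
    return {
        "Effect": "Allow",
        "Action": actions,
        "Resource": key_arn,
        # Only honour the key when S3 calls KMS for the caller, so the
        # session cannot call kms:Decrypt directly on client-side ciphertext.
        "Condition": {"StringEquals": {
            "kms:ViaService": f"s3.{match.group(1)}.amazonaws.com"}},
    }


def build_session_policy(table_location_arn, table_props, writable=False):
    """Session policy for one table: S3 prefix access plus its own key only."""
    s3_actions = ["s3:GetObject"]
    if writable:
        s3_actions += ["s3:PutObject", "s3:DeleteObject"]
    statements = [{"Effect": "Allow", "Action": s3_actions,
                   "Resource": f"{table_location_arn}/*"}]
    kms = kms_statement(table_props, writable)
    if kms is not None:
        statements.append(kms)
    return {"Version": "2012-10-17", "Statement": statements}


# Constructed sample input (account id and key id are placeholders).
SAMPLE_PROPS = {"s3.sse.key": "arn:aws:kms:us-west-2:111122223333:key/"
                              "1234abcd-12ab-34cd-56ef-1234567890ab"}
```

Because a session policy can only narrow what the assumed role already allows, the vended credentials end up with KMS access to this one key at most, even when the role itself can use others.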