Houston Putman created SOLR-15680:
-------------------------------------
Summary: Allow for client-side encryption of backup data with S3
Key: SOLR-15680
URL: https://issues.apache.org/jira/browse/SOLR-15680
Project: Solr
Issue Type: Improvement
Security Level: Public (Default Security Level. Issues are Public)
Components: contrib - S3 Repository
Reporter: Houston Putman
The S3 repository module does not currently allow for client-side encryption of
backup data before sending it to S3 (or decrypting after receiving the
information).
The [AWS S3
SDK|https://docs.aws.amazon.com/AmazonS3/latest/userguide/UsingClientSideEncryption.html]
makes it very easy to enable client-side encryption. You have the option of
using:
* An AWS KMS key to encrypt/decrypt the data
* A custom root key provided to Solr, not specific to AWS
I think enabling both of these options would be great, and really the only
things necessary to do are:
* Add the config options so that users can specify clientSideEncryption options
via their solr.xml
* Change the AWS client to be an AmazonS3EncryptionClient, and then all
operations using the client will automatically be encrypted/decrypted.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
