[
https://issues.apache.org/jira/browse/SOLR-15680?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17433129#comment-17433129
]
Houston Putman commented on SOLR-15680:
---------------------------------------
Apparently the AWS V2 JAVA SDK does not support client-side encryption yet. The
feature was dropped in the v1->v2 migration, and has not been added back yet.
The team does say that they are currently working on it, so we might have a
solution sometime later this year or early next year.
https://github.com/aws/aws-encryption-sdk-java/issues/58
https://github.com/aws/aws-sdk-java-v2/issues/34
Without the client-enablement, this is a much larger task. We might wait until
the AWS V2 API supports it before moving forward.
> Allow for client-side encryption of backup data with S3
> -------------------------------------------------------
>
> Key: SOLR-15680
> URL: https://issues.apache.org/jira/browse/SOLR-15680
> Project: Solr
> Issue Type: Improvement
> Components: contrib - S3 Repository
> Reporter: Houston Putman
> Priority: Major
>
> The S3 repository module does not currently allow for client-side encryption
> of backup data before sending it to S3 (or decrypting after receiving the
> information).
> The [AWS S3
> SDK|https://docs.aws.amazon.com/AmazonS3/latest/userguide/UsingClientSideEncryption.html]
> makes it very easy to enable client-side encryption. You have the option of
> using:
> * An AWS KMS key to encrypt/decrypt the data
> * A custom root key provided to Solr, not specific to AWS
> I think enabling both of these options would be great, and really the only
> things necessary to do are:
> * Add the config options so that users can specify clientSideEncryption
> options via their solr.xml
> * Change the AWS client to be an AmazonS3EncryptionClient, and then all
> operations using the client will automatically be encrypted/decrypted.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
