bruno-roustant opened a new pull request, #108: URL: https://github.com/apache/solr-sandbox/pull/108
Added a new section in ENCRYPTION.md, here is an extract for the description: If you have a Key Management System to manage the encryption key lifecycle, then you can use the `org.apache.solr.encryption.kms.KmsKeySupplier`. In this case, it requires that the Solr client sends some key blob to the `EncryptionRequestHandler` in addition to the key id. The key blob contains an encrypted form of the key secret and enough data for your KMS to decrypt it and provide the clear-text key secret. The key blob is stored in the metadata of each index file. And when needed, the `KmsKeySupplier` calls your KMS with your `KmsClient` to decrypt the key blob and store the key secret in an in-memory key cache with automatic wiping of the cache entries after some short duration. `KmsKeySupplier` requires to define `KmsEncryptionRequestHandler` as the `EncryptionRequestHandler`. It requires the parameters `tenantId` and `encryptionKeyBlob` to be sent in the `SolrQueryRequest` when calling `KmsEncryptionRequestHandler`. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected] --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
