milleruntime commented on a change in pull request #2197:
URL: https://github.com/apache/accumulo/pull/2197#discussion_r678581043
##########
File path: core/src/main/java/org/apache/accumulo/core/conf/Property.java
##########
@@ -894,6 +893,21 @@
TABLE_COMPACTION_STRATEGY_PREFIX("table.majc.compaction.strategy.opts.",
null,
PropertyType.PREFIX,
"Properties in this category are used to configure the compaction
strategy.", "1.6.0"),
+ // Crypto-related properties
+ @Experimental
+ TABLE_CRYPTO_PREFIX("table.crypto.opts.", null, PropertyType.PREFIX,
+ "Properties related to on-disk file encryption.", "2.1.0"),
+ @Experimental
+ @Sensitive
+ TABLE_CRYPTO_SENSITIVE_PREFIX("table.crypto.opts.sensitive.", null,
PropertyType.PREFIX,
+ "Sensitive properties related to on-disk file encryption.", "2.1.0"),
+ @Experimental
+ TABLE_CRYPTO_SERVICE("table.crypto.service",
+ "org.apache.accumulo.core.spi.crypto.NoCryptoService",
PropertyType.CLASSNAME,
+ "The class which executes on-disk table encryption/decryption. The
default does "
+ + "nothing. This property must be a classname with an implementation
of the "
+ + "org.apache.accumulo.core.spi.crypto.CryptoService interface.",
+ "2.1.0"),
Review comment:
Just so we are on the same page, you are saying we should just have one
`instance.crypto.service` for the whole instance? Then if you want to specify
what tables to use it, say just have a list the tables to encrypt?
`instance.crypto.tables=table1,table2,table3`
`instance.crypto.wal.enabled=true`
I think that would be easier then having something like:
`instance.crypto.service.table1=true`
`instance.crypto.service.table2=true`
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
