[
https://issues.apache.org/jira/browse/OAK-10093?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17732971#comment-17732971
]
Marcel Reutegger commented on OAK-10093:
----------------------------------------
AFAIU [direct binary
access|https://jackrabbit.apache.org/oak/docs/features/direct-binary-access.html]
feature won't work with customer provided keys. Pre-signed URIs can be
created, but when you use such a signed URI you need to know the customer
provided key.
https://docs.aws.amazon.com/AmazonS3/latest/userguide/ServerSideEncryptionCustomerKeys.html#ssec-and-presignedurl
The primary use for direct binary access is to return a pre-signed URI to the
browser and let it download a binary directly from blob storage. This won't
work with a customer provided key, because the browser doesn't know and must
not have the key.
I think this should be mentioned somewhere in the Oak documentation.
> Oak Blob Store support for SSE-C for AWS
> ----------------------------------------
>
> Key: OAK-10093
> URL: https://issues.apache.org/jira/browse/OAK-10093
> Project: Jackrabbit Oak
> Issue Type: New Feature
> Reporter: Rishabh Kumar
> Assignee: Rishabh Daim
> Priority: Major
>
> We need to provide the support for Customer Managed keys for Oak Blob Store
> for AWS.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
