Andrew Olson created HADOOP-13075: ------------------------------------- Summary: Add support for SSE-KMS and SSE-C in s3a filesystem Key: HADOOP-13075 URL: https://issues.apache.org/jira/browse/HADOOP-13075 Project: Hadoop Common Issue Type: New Feature Components: fs/s3 Reporter: Andrew Olson
S3 provides 3 types of server-side encryption [1], * SSE-S3 (Amazon S3-Managed Keys) [2] * SSE-KMS (AWS KMS-Managed Keys) [3] * SSE-C (Customer-Provided Keys) [4] Of which the S3AFileSystem in hadoop-aws only supports opting into SSE-S3 - the underlying aws-java-sdk makes that very simple [5]. With native support in aws-java-sdk it should be fairly straightforward [6],[7] to support these other two flavors of SSE with some additional fs.s3a configuration properties. [1] http://docs.aws.amazon.com/AmazonS3/latest/dev/serv-side-encryption.html [2] http://docs.aws.amazon.com/AmazonS3/latest/dev/UsingServerSideEncryption.html [3] http://docs.aws.amazon.com/AmazonS3/latest/dev/UsingKMSEncryption.html [4] http://docs.aws.amazon.com/AmazonS3/latest/dev/ServerSideEncryptionCustomerKeys.html [5] http://docs.aws.amazon.com/AmazonS3/latest/dev/SSEUsingJavaSDK.html [6] http://docs.aws.amazon.com/AmazonS3/latest/dev/kms-using-sdks.html#kms-using-sdks-java [7] http://docs.aws.amazon.com/AmazonS3/latest/dev/sse-c-using-java-sdk.html -- This message was sent by Atlassian JIRA (v6.3.4#6332) --------------------------------------------------------------------- To unsubscribe, e-mail: common-dev-unsubscr...@hadoop.apache.org For additional commands, e-mail: common-dev-h...@hadoop.apache.org