Posted to issues@ozone.apache.org by GitBox <gi...@apache.org> on 2021/08/10 18:31:30 UTC

[GitHub] [ozone] bharatviswa504 commented on a change in pull request #2504: HDDS-5508. Add documentation regarding access encrypted buckets from S3G

bharatviswa504 commented on a change in pull request #2504:
URL: https://github.com/apache/ozone/pull/2504#discussion_r686223923



##########
File path: hadoop-hdds/docs/content/security/SecuringTDE.md
##########
@@ -66,3 +66,57 @@ via the encKey and while reading the clients will talk to Key Management
 Server and read the key and decrypt it. In other words, the data stored
 inside Ozone is always encrypted. The fact that data is encrypted at rest
 will be completely transparent to the clients and end users.
+
+### Using Transparent Data Encryption from S3G
+
+To use TDE from S3 interface, it can be done in 2 ways.
+
+####1. Create a bucket using shell under "/s3v" volume
+
+  ```bash
+  ozone sh bucket create -k encKey /s3v/encryptedBucket
+  ```
+####2. Create a link to an encrypted bucket under "/s3v" volume
+
+  ```bash
+  ozone sh bucket create -k encKey /vol/encryptedBucket
+  ozone sh bucket link  /vol/encryptedBucket /s3v/linkencryptedbucket
+  ```
+
+After this, all the keys created using s3g in the buckets will be encrypted.
+
+In non-secure mode, the user running the S3Gateway is the proxy user, 
+while in secure mode the user in Kerberos keytab is the proxy user. 
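
Review bot: The two option headings, `####1. Create a bucket using shell under "/s3v" volume` and `####2. Create a link to an encrypted bucket under "/s3v" volume`, have no space after the `####`, so CommonMark-style renderers will show them as literal text instead of headings. Write them as `#### 1. ...` and `#### 2. ...`, and add a blank line between the closing fence of the first example and the second heading. Smaller points in the same hunk: "To use TDE from S3 interface, it can be done in 2 ways." reads better as "There are two ways to use TDE from the S3 interface."; `ozone sh bucket link  /vol/encryptedBucket` has a doubled space; the two proxy-user lines end in trailing whitespace; and the example names mix `encryptedBucket` with `linkencryptedbucket`. Since S3 bucket names are lowercase, a consistently lowercase name is the safer example for buckets that are meant to be reached through S3G.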

Review comment:
       Accessing means here keytab user implicitly?



