You are viewing a plain text version of this content. The canonical link for it is here.

Posted to common-dev@hadoop.apache.org by "Andrew Olson (JIRA)" <ji...@apache.org> on 2016/04/29 21:55:12 UTC

[jira] [Created] (HADOOP-13075) Add support for SSE-KMS and SSE-C in s3a filesystem

Andrew Olson created HADOOP-13075:
-------------------------------------

             Summary: Add support for SSE-KMS and SSE-C in s3a filesystem
                 Key: HADOOP-13075
                 URL: https://issues.apache.org/jira/browse/HADOOP-13075
             Project: Hadoop Common
          Issue Type: New Feature
          Components: fs/s3
            Reporter: Andrew Olson


S3 provides 3 types of server-side encryption [1],

* SSE-S3 (Amazon S3-Managed Keys) [2]
* SSE-KMS (AWS KMS-Managed Keys) [3]
* SSE-C (Customer-Provided Keys) [4]

Of which the S3AFileSystem in hadoop-aws only supports opting into SSE-S3 - the underlying aws-java-sdk makes that very simple [5]. With native support in aws-java-sdk it should be fairly straightforward [6],[7] to support these other two flavors of SSE with some additional fs.s3a configuration properties.

[1] http://docs.aws.amazon.com/AmazonS3/latest/dev/serv-side-encryption.html
[2] http://docs.aws.amazon.com/AmazonS3/latest/dev/UsingServerSideEncryption.html
[3] http://docs.aws.amazon.com/AmazonS3/latest/dev/UsingKMSEncryption.html
[4] http://docs.aws.amazon.com/AmazonS3/latest/dev/ServerSideEncryptionCustomerKeys.html
[5] http://docs.aws.amazon.com/AmazonS3/latest/dev/SSEUsingJavaSDK.html
[6]
http://docs.aws.amazon.com/AmazonS3/latest/dev/kms-using-sdks.html#kms-using-sdks-java
[7] http://docs.aws.amazon.com/AmazonS3/latest/dev/sse-c-using-java-sdk.html



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

---------------------------------------------------------------------
To unsubscribe, e-mail: common-dev-unsubscribe@hadoop.apache.org
For additional commands, e-mail: common-dev-help@hadoop.apache.org