You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@solr.apache.org by "Houston Putman (Jira)" <ji...@apache.org> on 2021/10/07 15:17:00 UTC

[jira] [Created] (SOLR-15680) Allow for client-side encryption of backup data with S3

Houston Putman created SOLR-15680:
-------------------------------------

             Summary: Allow for client-side encryption of backup data with S3
                 Key: SOLR-15680
                 URL: https://issues.apache.org/jira/browse/SOLR-15680
             Project: Solr
          Issue Type: Improvement
      Security Level: Public (Default Security Level. Issues are Public)
          Components: contrib - S3 Repository
            Reporter: Houston Putman


The S3 repository module does not currently allow for client-side encryption of backup data before sending it to S3 (or decrypting after receiving the information).

The [AWS S3 SDK|https://docs.aws.amazon.com/AmazonS3/latest/userguide/UsingClientSideEncryption.html] makes it very easy to enable client-side encryption. You have the option of using:
* An AWS KMS key to encrypt/decrypt the data
* A custom root key provided to Solr, not specific to AWS

I think enabling both of these options would be great, and really the only things necessary to do are:
* Add the config options so that users can specify clientSideEncryption options via their solr.xml
* Change the AWS client to be an AmazonS3EncryptionClient, and then all operations using the client will automatically be encrypted/decrypted.




--
This message was sent by Atlassian Jira
(v8.3.4#803005)

---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscribe@solr.apache.org
For additional commands, e-mail: issues-help@solr.apache.org