[GitHub] [iceberg] ggershinsky commented on a diff in pull request #3471: Core: Envelope encryption

[GitBox <gi...@apache.org>]

ggershinsky commented on code in PR #3471:
URL: https://github.com/apache/iceberg/pull/3471#discussion_r1020852734


##########
core/src/main/java/org/apache/iceberg/TableProperties.java:
##########
@@ -349,4 +350,27 @@ private TableProperties() {}
 
   public static final String UPSERT_ENABLED = "write.upsert.enabled";
   public static final boolean UPSERT_ENABLED_DEFAULT = false;
+
+  public static final String ENCRYPTION_TABLE_KEY = "encryption.table.key.id";
+
+  public static final String ENCRYPTION_DEK_LENGTH = "encryption.data.key.length";
+  public static final int ENCRYPTION_DEK_LENGTH_DEFAULT = 16;
+
+  public static final String ENCRYPTION_DATA_ALGORITHM = "encryption.data.algorithm";
+  public static final String ENCRYPTION_DATA_ALGORITHM_DEFAULT =
+      EncryptionAlgorithm.AES_GCM.toString();
+
+  /**
+   * Leverage file format native encryption instead of encrypting the entire file through Iceberg
+   * encryption stream
+   */
+  public static final String ENCRYPTION_PUSHDOWN_ENABLED = "encryption.pushdown";
+
+  public static final boolean ENCRYPTION_PUSHDOWN_ENABLED_DEFAULT = true;

Review Comment:
   since it's the only option today (with false, we can only throw an exception), lets remove the "encryption.pushdown" parameter altogether. Less complexity / confusion, and one less config. When can add it later if/when needed.



-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: issues-unsubscribe@iceberg.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org


---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscribe@iceberg.apache.org
For additional commands, e-mail: issues-help@iceberg.apache.org