[GitHub] [accumulo-website] dlmarion commented on a diff in pull request #342: Per table crypto - work in progress

[GitBox <gi...@apache.org>]

dlmarion commented on code in PR #342:
URL: https://github.com/apache/accumulo-website/pull/342#discussion_r981117948


##########
_docs-2/configuration/server-properties.md:
##########
@@ -25,6 +25,7 @@ Below are properties set in `accumulo.properties` or the Accumulo shell that con
 | <a name="general_classpaths" class="prop"></a> general.classpaths | **Deprecated.** ~~This property is deprecated since 2.0.0. The class path should instead be configured by the launch environment (for example, accumulo-env.sh). A list of all of the places to look for a class. Order does matter, as it will look for the jar starting in the first location to the last. Supports full regex on filename alone.~~<br>~~**type:** STRING~~, ~~**zk mutable:** no~~, ~~**default value:** empty~~ |
 | <a name="general_context_class_loader_factory" class="prop"></a> general.context.class.loader.factory | Name of classloader factory to be used to create classloaders for named contexts, such as per-table contexts set by `table.class.loader.context`.<br>**type:** CLASSNAME, **zk mutable:** no, **default value:** empty |
 | <a name="general_custom_prefix" class="prop"></a> **general.custom.*** | Prefix to be used for user defined system-wide properties. This may be particularly useful for system-wide configuration for various user-implementations of pluggable Accumulo features, such as the balancer or volume chooser. |
+| <a name="general_custom_crypto_service" class="prop"></a> general.custom.crypto.service | **Experimental.** The class which executes on-disk file encryption. The default does nothing. To enable encryption, replace this classname with an implementation of theorg.apache.accumulo.core.spi.crypto.CryptoService interface.<br>**type:** CLASSNAME, **zk mutable:** no, **default value:** {% jlink -f org.apache.accumulo.core.spi.crypto.NoCryptoService %} |

Review Comment:
   ```suggestion
   | <a name="general_custom_crypto_service" class="prop"></a> general.custom.crypto.service | **Experimental.** The class which executes on-disk file encryption. The default does nothing. To enable encryption, replace this classname with an implementation of the org.apache.accumulo.core.spi.crypto.CryptoService interface.<br>**type:** CLASSNAME, **zk mutable:** no, **default value:** {% jlink -f org.apache.accumulo.core.spi.crypto.NoCryptoService %} |
   ```



##########
_docs-2/security/on-disk-encryption.md:
##########
@@ -5,23 +5,57 @@ order: 5
 ---
 
 For an additional layer of security, Accumulo can encrypt files stored on disk.  On Disk encryption was reworked 
-for 2.0, making it easier to configure and more secure.  The files that can be encrypted include: [RFiles][design] and Write Ahead Logs (WALs). NOTE: This feature is considered experimental. For more information, see the [notes below](#things-to-keep-in-mind).
+for 2.0, making it easier to configure and more secure.  Starting with 2.1 On Disk Encryption can now be configured
+per table as well as for the entire instance (all tables). The files that can be encrypted include: [RFiles][design] and Write Ahead 
+Logs (WALs). NOTE: This feature is considered experimental. For more information, see the [notes below](#things-to-keep-in-mind).
 

Review Comment:
   I think we should drop another note here that points people to _docs-2/administration/upgrading.md. Then, in upgrading.md we should add a warning that upgrading an encrypted instance to 2.1.0 is not currently supported.



-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: notifications-unsubscribe@accumulo.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org