You are viewing a plain text version of this content. The canonical link for it is here.
Posted to common-issues@hadoop.apache.org by "Chris Nauroth (JIRA)" <ji...@apache.org> on 2016/06/18 15:54:05 UTC
[jira] [Updated] (HADOOP-13075) Add support for SSE-KMS and SSE-C
in s3a filesystem
[ https://issues.apache.org/jira/browse/HADOOP-13075?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Chris Nauroth updated HADOOP-13075:
-----------------------------------
Assignee: Federico Czerwinski
[~fedecz@gmail.com], you're correct that an unassigned JIRA indicates that no one is actively working on it. Thank you very much for volunteering to share your patch. I have assigned this issue to you.
Please refer to our [HowToContribute|https://wiki.apache.org/hadoop/HowToContribute] wiki page for more details about how the contribution process works. In particular, please notice the section on [Submitting patches against object stores|https://wiki.apache.org/hadoop/HowToContribute#Submitting_patches_against_object_stores_such_as_Amazon_S3.2C_OpenStack_Swift_and_Microsoft_Azure], where we describe additional testing requirements for S3A patches.
HADOOP-13131 is a recent patch that introduced test suites for encryption: {{TestS3AEncryption}} and {{TestS3AEncryptionAlgorithmPropagation}}. We can probably add new tests for SSE-KMS and SSE-C in there.
If possible, it would be great to cover both SSE-KMS and SSE-C at the same time in one patch.
bq. BTW, the aws sdk version that introduces KMS, is 1.9.5
That's great. We're currently on 1.10.6.
> Add support for SSE-KMS and SSE-C in s3a filesystem
> ---------------------------------------------------
>
> Key: HADOOP-13075
> URL: https://issues.apache.org/jira/browse/HADOOP-13075
> Project: Hadoop Common
> Issue Type: New Feature
> Components: fs/s3
> Reporter: Andrew Olson
> Assignee: Federico Czerwinski
>
> S3 provides 3 types of server-side encryption [1],
> * SSE-S3 (Amazon S3-Managed Keys) [2]
> * SSE-KMS (AWS KMS-Managed Keys) [3]
> * SSE-C (Customer-Provided Keys) [4]
> Of which the S3AFileSystem in hadoop-aws only supports opting into SSE-S3 (HADOOP-10568) -- the underlying aws-java-sdk makes that very simple [5]. With native support in aws-java-sdk already available it should be fairly straightforward [6],[7] to support the other two types of SSE with some additional fs.s3a configuration properties.
> [1] http://docs.aws.amazon.com/AmazonS3/latest/dev/serv-side-encryption.html
> [2] http://docs.aws.amazon.com/AmazonS3/latest/dev/UsingServerSideEncryption.html
> [3] http://docs.aws.amazon.com/AmazonS3/latest/dev/UsingKMSEncryption.html
> [4] http://docs.aws.amazon.com/AmazonS3/latest/dev/ServerSideEncryptionCustomerKeys.html
> [5] http://docs.aws.amazon.com/AmazonS3/latest/dev/SSEUsingJavaSDK.html
> [6] http://docs.aws.amazon.com/AmazonS3/latest/dev/kms-using-sdks.html#kms-using-sdks-java
> [7] http://docs.aws.amazon.com/AmazonS3/latest/dev/sse-c-using-java-sdk.html
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
---------------------------------------------------------------------
To unsubscribe, e-mail: common-issues-unsubscribe@hadoop.apache.org
For additional commands, e-mail: common-issues-help@hadoop.apache.org