Posted to oak-issues@jackrabbit.apache.org by "Marcel Reutegger (Jira)" <ji...@apache.org> on 2023/06/15 09:59:00 UTC
[jira] [Commented] (OAK-10093) Oak Blob Store support for SSE-C for AWS
[ https://issues.apache.org/jira/browse/OAK-10093?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17732971#comment-17732971 ]
Marcel Reutegger commented on OAK-10093:
----------------------------------------
AFAIU the [direct binary access|https://jackrabbit.apache.org/oak/docs/features/direct-binary-access.html] feature won't work with customer-provided keys. Pre-signed URIs can be created, but when you use such a signed URI you need to know the customer-provided key.
https://docs.aws.amazon.com/AmazonS3/latest/userguide/ServerSideEncryptionCustomerKeys.html#ssec-and-presignedurl
The primary use for direct binary access is to return a pre-signed URI to the browser and let it download a binary directly from blob storage. This won't work with a customer-provided key, because the browser doesn't know and must not have the key.
I think this should be mentioned somewhere in the Oak documentation.
> Oak Blob Store support for SSE-C for AWS
> ----------------------------------------
>
> Key: OAK-10093
> URL: https://issues.apache.org/jira/browse/OAK-10093
> Project: Jackrabbit Oak
> Issue Type: New Feature
> Reporter: Rishabh Kumar
> Assignee: Rishabh Daim
> Priority: Major
>
> We need to provide the support for Customer Managed keys for Oak Blob Store for AWS.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
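
The constraint raised in the comment above, as an added example that is not part of the original message or of Oak's code: it builds the three SSE-C request headers that S3 expects alongside a pre-signed URI and shows that they carry the raw key, then applies a configuration check that rejects the combination. The function names, the `"SSE-C"` mode string and the `direct_download` flag are assumptions made for illustration, not Oak configuration keys.

```python
import base64
import hashlib
from typing import Dict, List

# Constructed sample key for the demonstration only; never hard-code real keys.
CONSTRUCTED_KEY = bytes(range(32))


def ssec_headers(customer_key: bytes) -> Dict[str, str]:
    """Headers a client must send with every GET of an SSE-C object,
    including a GET made through a pre-signed URI."""
    if len(customer_key) != 32:
        raise ValueError("SSE-C uses AES-256 and needs a 32-byte key")
    # S3 uses the MD5 only as an integrity check on the transmitted key.
    digest = hashlib.md5(customer_key, usedforsecurity=False).digest()
    return {
        "x-amz-server-side-encryption-customer-algorithm": "AES256",
        "x-amz-server-side-encryption-customer-key":
            base64.b64encode(customer_key).decode("ascii"),
        "x-amz-server-side-encryption-customer-key-MD5":
            base64.b64encode(digest).decode("ascii"),
    }


def key_visible_to_client(headers: Dict[str, str]) -> bytes:
    """What any party that can build or observe the request learns."""
    return base64.b64decode(headers["x-amz-server-side-encryption-customer-key"])


def check_blob_store_config(encryption: str, direct_download: bool) -> List[str]:
    """Hypothetical startup check: flag SSE-C combined with direct download."""
    problems = []
    if encryption == "SSE-C" and direct_download:
        problems.append(
            "direct binary download is enabled with SSE-C: a browser holding "
            "only the pre-signed URI cannot supply the customer key headers, "
            "and giving it the key would disclose the encryption key"
        )
    return problems


if __name__ == "__main__":
    hdrs = ssec_headers(CONSTRUCTED_KEY)
    print(sorted(hdrs))
    print("key recoverable from headers:", key_visible_to_client(hdrs) == CONSTRUCTED_KEY)
    print(check_blob_store_config("SSE-C", True))
```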