Posted to oak-issues@jackrabbit.apache.org by "Marcel Reutegger (Jira)" <ji...@apache.org> on 2023/06/15 09:59:00 UTC

[jira] [Commented] (OAK-10093) Oak Blob Store support for SSE-C for AWS

    [ https://issues.apache.org/jira/browse/OAK-10093?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17732971#comment-17732971 ] 

Marcel Reutegger commented on OAK-10093:
----------------------------------------

AFAIU the [direct binary access|https://jackrabbit.apache.org/oak/docs/features/direct-binary-access.html] feature won't work with customer-provided keys. Pre-signed URIs can be created, but when you use such a signed URI you need to know the customer-provided key.

https://docs.aws.amazon.com/AmazonS3/latest/userguide/ServerSideEncryptionCustomerKeys.html#ssec-and-presignedurl

The primary use for direct binary access is to return a pre-signed URI to the browser and let it download a binary directly from blob storage. This won't work with a customer-provided key, because the browser doesn't know and must not have the key.

I think this should be mentioned somewhere in the Oak documentation.

> Oak Blob Store support for SSE-C for AWS
> ----------------------------------------
>
>                 Key: OAK-10093
>                 URL: https://issues.apache.org/jira/browse/OAK-10093
>             Project: Jackrabbit Oak
>          Issue Type: New Feature
>            Reporter: Rishabh Kumar
>            Assignee: Rishabh Daim
>            Priority: Major
>
> We need to provide the support for Customer Managed keys for Oak Blob Store for AWS.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)
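
Added example, not part of the original message and not Oak or AWS SDK code: it builds the three SSE-C headers that S3 requires on a GET of an SSE-C object (a pre-signed URI does not remove that requirement) and shows that anyone able to send them holds the raw key. The function names, the `encryption_mode` labels and the sample key are assumptions made for illustration.

```python
import base64
import hashlib

SSEC_PREFIX = "x-amz-server-side-encryption-customer-"


def ssec_request_headers(key: bytes) -> dict:
    """Headers S3 expects on a GET of an SSE-C object, pre-signed or not."""
    if len(key) != 32:
        raise ValueError("SSE-C uses a 256-bit (32-byte) AES key")
    # The MD5 value is only an integrity check on the transmitted key.
    digest = hashlib.md5(key, usedforsecurity=False).digest()
    return {
        SSEC_PREFIX + "algorithm": "AES256",
        SSEC_PREFIX + "key": base64.b64encode(key).decode("ascii"),
        SSEC_PREFIX + "key-MD5": base64.b64encode(digest).decode("ascii"),
    }


def key_visible_to_client(headers: dict) -> bytes:
    """Recover the raw key from the headers a downloading client must send.

    The key header is plain base64 of the key, not a derived token, so a
    browser that could complete the download would hold the key itself.
    """
    key = base64.b64decode(headers[SSEC_PREFIX + "key"], validate=True)
    expected = base64.b64decode(headers[SSEC_PREFIX + "key-MD5"], validate=True)
    if hashlib.md5(key, usedforsecurity=False).digest() != expected:
        raise ValueError("key and key-MD5 headers do not match")
    return key


def may_hand_uri_to_browser(encryption_mode: str) -> bool:
    """Hypothetical guard: refuse direct download URIs for SSE-C buckets.

    "SSE-C" is a label assumed for this example, not an Oak setting.
    """
    return encryption_mode.strip().upper() != "SSE-C"


# Constructed sample key, for demonstration only.
SAMPLE_KEY = bytes(range(32))

if __name__ == "__main__":
    hdrs = ssec_request_headers(SAMPLE_KEY)
    for name in hdrs:
        print(name)
    print("client holds key:", key_visible_to_client(hdrs) == SAMPLE_KEY)
    print("direct URI allowed for SSE-C:", may_hand_uri_to_browser("SSE-C"))
```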