Uploaded image for project: 'Hadoop Common'
  1. Hadoop Common
  2. HADOOP-15006

Encrypt S3A data client-side with Hadoop libraries & Hadoop KMS

    XMLWordPrintableJSON

Details

    • New Feature
    • Status: Open
    • Minor
    • Resolution: Unresolved
    • None
    • None
    • fs/s3, kms
    • None

    Description

      This is for the proposal to introduce Client Side Encryption to S3 in such a way that it can leverage HDFS transparent encryption, use the Hadoop KMS to manage keys, use the `hdfs crypto` command line tools to manage encryption zones in the cloud, and enable distcp to copy from HDFS to S3 (and vice-versa) with data still encrypted.

      Attachments

        1. S3-CSE Proposal.pdf
          160 kB
          Steve Moist
        2. s3-cse-poc.patch
          10 kB
          Steve Moist

        Issue Links

          is blocked by

          Improvement - An improvement or enhancement to an existing feature or task. HADOOP-15606 FSDataInputStream/FSInputStream to implement getFileLength()

          • Major - Major loss of function.
          • Open
          relates to

          Sub-task - The sub-task of the issue HADOOP-13887 Encrypt S3A data client-side with AWS SDK (S3-CSE)

          • Minor - Minor loss of function, or other problem where easy workaround is present.
          • Resolved

          Activity

            People

              Unassigned Unassigned
              moist Steve Moist
              Votes:
              0 Vote for this issue
              Watchers:
              7 Start watching this issue

              Dates

                Created:
                Updated: