The data for a particular customer needs to be encrypted on account level. At server side the APIs will start accepting the encryption key as part of request headers. The data will be encrypted/decrypted with the given key at the server.
Since the ABFS FileSystem APIs are implementations for Hadoop FileSystem APIs there is no direct way with which customer can pass the key to ABFS driver. In this case driver should have the following capabilities so that it can accept and pass the encryption key as one of the request headers.
- There should be a way to configure the encryption key for different accounts.
- If there is a key specified for a particular account, the same needs to be sent along with the request headers.
They key for an account can be specified in the core-site as follows.