Details

    • Type: Sub-task
    • Status: Open
    • Priority: Minor
    • Resolution: Unresolved
    • Affects Version/s: 3.4.0
    • Fix Version/s: None
    • Component/s: fs/azure
    • Target Version/s:

      Description

      The data for a particular customer needs to be encrypted on account level. At server side the APIs will start accepting the encryption key as part of request headers. The data will be encrypted/decrypted with the given key at the server. 

      Since the ABFS FileSystem APIs are implementations for Hadoop FileSystem APIs there is no direct way with which customer can pass the key to ABFS driver. In this case driver should have the following capabilities so that it can accept and pass the encryption key as one of the request headers. 

      1. There should be a way to configure the encryption key for different accounts.
      2. If there is a key specified for a particular account, the same needs to be sent along with the request headers. 

      Config changes 

      They key for an account can be specified in the core-site as follows. 

      fs.azure.account.client-provided-encryption-key.

      {account name}

      .dfs.core.windows.net 

        Attachments

          Issue Links

            Activity

              People

              • Assignee:
                bilahari.th Bilahari T H
                Reporter:
                bilahari.th Bilahari T H
              • Votes:
                0 Vote for this issue
                Watchers:
                2 Start watching this issue

                Dates

                • Created:
                  Updated:

                  Time Tracking

                  Estimated:
                  Original Estimate - Not Specified
                  Not Specified
                  Remaining:
                  Remaining Estimate - 0h
                  0h
                  Logged:
                  Time Spent - 10h 10m
                  10h 10m