HIVE-21848 proposed to have a set of table properties to configure the ORC and Parquet encryption. In the scenario of CTLT and CTAS, the new table needs to have the same encryption table properties because they have the same type of sensitive data.
Furthermore, in the situation like 'insert into', if the source table has encrypted sensitive data but the destination doesn't have corresponding table property to define the encryption, then destination table will keep it as plaintext and hence leaks sensitive data.
The fix is to carry over table properties for those selected columns from the source table to the destination table.
The code change is working as a prototype. I will share it out later after HIVE-21848 has an agreement in the community.