Status: In Progress
Affects Version/s: None
Fix Version/s: None
- Base64WriteOnly just be able to get the ciphertext from client for any users.
- Base64Rewriter just be able to get plaintext from client for any users.
I have an improvement based on HIVE-6329 using key management via kms.
This patch implement transparent column level encryption. Users don't need to set anything when they quey tables.
- setup kms and set kms-acls.xml (e.g. user1 and root has permission to get key)
- set hive-site.xml
- create an encrypted table
- query table by different user, this is transparent to users. It is very convenient and don't need to set anything.