Uploaded image for project: 'Solr'
  1. Solr
  2. SOLR-15680

Allow for client-side encryption of backup data with S3

    XMLWordPrintableJSON

Details

    • Improvement
    • Status: Open
    • Major
    • Resolution: Unresolved
    • None
    • None
    • None

    Description

      The S3 repository module does not currently allow for client-side encryption of backup data before sending it to S3 (or decrypting after receiving the information).

      The AWS S3 SDK makes it very easy to enable client-side encryption. You have the option of using:

      • An AWS KMS key to encrypt/decrypt the data
      • A custom root key provided to Solr, not specific to AWS

      I think enabling both of these options would be great, and really the only things necessary to do are:

      • Add the config options so that users can specify clientSideEncryption options via their solr.xml
      • Change the AWS client to be an AmazonS3EncryptionClient, and then all operations using the client will automatically be encrypted/decrypted.

      Attachments

        Activity

          People

            Unassigned Unassigned
            houston Houston Putman
            Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

            Dates

              Created:
              Updated: