https://pinot.apache.org/ logo
#general
Title
# general
m

Mike Davis

02/09/2021, 8:46 PM
Does the S3PinotFS support server-side encryption via KMS or does it require implementing a custom PinotFS?
x

Xiang Fu

02/09/2021, 9:05 PM
KMS integration is not there yet, but should be easy to add to it if SDK is there
m

Mike Davis

02/09/2021, 9:10 PM
thanks. i think the SDK supports it we'd just need to pass through the KMS key to the appropriate requests.
x

Xiang Fu

02/09/2021, 9:14 PM
this seems to be client side
Copy code
The following examples use the AmazonS3EncryptionClientV2Builder class to create an Amazon S3 client with client-side encryption enabled. Once configured, any objects you upload to Amazon S3 using this client will be encrypted. Any objects you get from Amazon S3 using this client are automatically decrypted.
there's a java example
Copy code
PutObjectRequest putRequest = new PutObjectRequest(bucketName,
   keyName, file).withSSEAwsKeyManagementParams(new SSEAwsKeyManagementParams());
x

Xiang Fu

02/09/2021, 9:16 PM
ic, so it’s different api
m

Mike Davis

02/09/2021, 9:16 PM
Copy code
PutObjectRequest putRequest = new PutObjectRequest(bucketName,
   keyName, file).withSSEAwsKeyManagementParams(new SSEAwsKeyManagementParams(keyID));
x

Xiang Fu

02/09/2021, 9:20 PM
right, we need to add an if-check here to use this
.withSSEAwsKeyManagementParams(new SSEAwsKeyManagementParams(keyID));
if given kms key
m

Mike Davis

02/09/2021, 9:21 PM
πŸ‘
x

Xiang Fu

02/09/2021, 9:21 PM
we will add that support soon πŸ™‚
πŸ™ 1
m

Mike Davis

02/09/2021, 9:44 PM
Would you like me to file a GH issue?
x

Xiang Fu

02/09/2021, 9:46 PM
yes please! so we can also link the PR to it
Thanks!
x

Xiang Fu

02/09/2021, 10:24 PM
Thanks!
m

Mike Davis

02/09/2021, 11:36 PM
πŸ™Œ