https://pinot.apache.org/ logo
Join Slack
Powered by
Does the S3PinotFS support server-side encryption ...
# general
m
Does the S3PinotFS support server-side encryption via KMS or does it require implementing a custom PinotFS?
x
KMS integration is not there yet, but should be easy to add to it if SDK is there
m
thanks. i think the SDK supports it we'd just need to pass through the KMS key to the appropriate requests.
x
this seems to be client side
Copy code
The following examples use the AmazonS3EncryptionClientV2Builder class to create an Amazon S3 client with client-side encryption enabled. Once configured, any objects you upload to Amazon S3 using this client will be encrypted. Any objects you get from Amazon S3 using this client are automatically decrypted.
m
there's a java example
Copy code
PutObjectRequest putRequest = new PutObjectRequest(bucketName,
   keyName, file).withSSEAwsKeyManagementParams(new SSEAwsKeyManagementParams());
x
ic, so it’s different api
m
Copy code
PutObjectRequest putRequest = new PutObjectRequest(bucketName,
   keyName, file).withSSEAwsKeyManagementParams(new SSEAwsKeyManagementParams(keyID));
x
right, we need to add an if-check here to use this 
.withSSEAwsKeyManagementParams(new SSEAwsKeyManagementParams(keyID));
if given kms key
m
πŸ‘
x
we will add that support soon πŸ™‚
πŸ™ 1
m
Would you like me to file a GH issue?
x
yes please! so we can also link the PR to it
Thanks!
m
x
Thanks!
m
πŸ™Œ
Open in Slack
PreviousNext
Powered by