[
https://issues.apache.org/jira/browse/HDDS-13148?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Wei-Chiu Chuang reassigned HDDS-13148:
--------------------------------------
Assignee: Wei-Chiu Chuang
> [Docs] Update Transparent Data Encryption doc
> ---------------------------------------------
>
> Key: HDDS-13148
> URL: https://issues.apache.org/jira/browse/HDDS-13148
> Project: Apache Ozone
> Issue Type: Improvement
> Components: documentation
> Reporter: Wei-Chiu Chuang
> Assignee: Wei-Chiu Chuang
> Priority: Major
>
> [https://ozone.apache.org/docs/edge/security/securingtde.html]
>
> The Ozone TDE doc is written with the assumption that the user is familiar
> with HDFS TDE, which may not be the case.
>
> We should update the doc such that
> (1) It does not require prior knowledge of HDFS TDE.
> (2) Ozone can work with Hadoop KMS and Ranger KMS. We should mention Ranger
> KMS in the doc.
> (3) For Ranger KMS, encryption keys can also be managed by the Ranger KMS
> management console or its REST API.
> (4) {{hadoop key create enckey}} command has additional parameters: -size:
> specifies key bit length. Ozone supports 128 and 256 bits; -cipher: only
> AES/CTR/NoPadding (default) is supported as of now.
> (5) Add reference to Transparent Encryption in HDFS:
> [https://hadoop.apache.org/docs/current/hadoop-project-dist/hadoop-hdfs/TransparentEncryption.html]
> and Hadoop KMS doc:
> [https://hadoop.apache.org/docs/r3.4.1/hadoop-kms/index.html]
> (6) For the section {*}Using Transparent Data Encryption from S3G{*}, we
> should mention Ozone does not support S3-SSE (Server-Side Encryption) or
> S3-CSE (Client-Side Encryption). That said, Ozone S3 buckets can be encrypted
> using Ranger/Hadoop KMS to provide the same guarantee as S3-SSE with
> client-supplied key (S3 SSE-C).