Wei-Chiu Chuang created HDDS-13148:
--------------------------------------
Summary: [Docs] Update Transparent Data Encryption doc
Key: HDDS-13148
URL: https://issues.apache.org/jira/browse/HDDS-13148
Project: Apache Ozone
Issue Type: Improvement
Components: documentation
Reporter: Wei-Chiu Chuang
[https://ozone.apache.org/docs/edge/security/securingtde.html]
The Ozone TDE doc is written with the assumption that the user is familiar with
HDFS TDE, which may not be the case.
We should update the doc such that
(1) It does not require prior knowledge of HDFS TDE.
(2) Ozone can work with Hadoop KMS and Ranger KMS. We should mention Ranger KMS
in the doc.
(3) For Ranger KMS, the encryption key can also be managed by the Ranger KMS
management console or its REST API.
(4) The {{hadoop key create enckey}} command has additional parameters: -size:
specifies key bit length. Ozone supports 128 and 256 bits; -cipher: only
AES/CTR/NoPadding (default) is supported as of now.
(5) Add reference to Transparent Encryption in HDFS:
[https://hadoop.apache.org/docs/current/hadoop-project-dist/hadoop-hdfs/TransparentEncryption.html]
and Hadoop KMS doc:
[https://hadoop.apache.org/docs/r3.4.1/hadoop-kms/index.html]
(6) For the section "Using Transparent Data Encryption from S3G", we should
mention Ozone does not support S3-SSE (Server-Side Encryption) or S3-CSE
(Client-Side Encryption). That said, Ozone S3 buckets can be encrypted using
Ranger/Hadoop KMS to provide the same guarantee as S3-SSE with client-supplied
key (S3 SSE-C).