[jira] [Commented] (SOLR-15680) Allow for client-side encryption of backup data with S3

Fri, 22 Oct 2021 12:02:18 -0700 


    [ 
https://issues.apache.org/jira/browse/SOLR-15680?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17433129#comment-17433129
 ] 

Houston Putman commented on SOLR-15680:
---------------------------------------

Apparently the AWS V2 JAVA SDK does not support client-side encryption yet. The 
feature was dropped in the v1->v2 migration, and has not been added back yet. 
The team does say that they are currently working on it, so we might have a 
solution sometime later this year or early next year.

https://github.com/aws/aws-encryption-sdk-java/issues/58
https://github.com/aws/aws-sdk-java-v2/issues/34

Without the client-enablement, this is a much larger task. We might wait until 
the AWS V2 API supports it before moving forward.

> Allow for client-side encryption of backup data with S3
> -------------------------------------------------------
>
>                 Key: SOLR-15680
>                 URL: https://issues.apache.org/jira/browse/SOLR-15680
>             Project: Solr
>          Issue Type: Improvement
>          Components: contrib - S3 Repository
>            Reporter: Houston Putman
>            Priority: Major
>
> The S3 repository module does not currently allow for client-side encryption 
> of backup data before sending it to S3 (or decrypting after receiving the 
> information).
> The [AWS S3 
> SDK|https://docs.aws.amazon.com/AmazonS3/latest/userguide/UsingClientSideEncryption.html]
>  makes it very easy to enable client-side encryption. You have the option of 
> using:
> * An AWS KMS key to encrypt/decrypt the data
> * A custom root key provided to Solr, not specific to AWS
> I think enabling both of these options would be great, and really the only 
> things necessary to do are:
> * Add the config options so that users can specify clientSideEncryption 
> options via their solr.xml
> * Change the AWS client to be an AmazonS3EncryptionClient, and then all 
> operations using the client will automatically be encrypted/decrypted.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscr...@solr.apache.org
For additional commands, e-mail: issues-h...@solr.apache.org

Reply via email to