Skip to content

Core: Apply encryption basics to writers and readers #2640

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
ggershinsky wants to merge 2 commits into from
Closed

Core: Apply encryption basics to writers and readers #2640

ggershinsky wants to merge 2 commits into from

Conversation

@ggershinsky
Copy link
Contributor

@ggershinsky ggershinsky commented May 26, 2021
edited
Loading

A set of fresh data encryption keys is generated for each data file (in formats that support native encryption). The data keys are wrapped centrally (eg in the driver), potentially via KMS interaction, and stored in the manifest key_metadata entry for this data file. The data keys are delivered via NativeFileEncryptParams objects (see #2638) to the workers that perform data file writing/encryption.

@rdblue @jackye1995 @RussellSpitzer @flyrain @aokolnychyi

@jackye1995
Copy link
Contributor

jackye1995 commented May 26, 2021

Should we combine this with the #2638 you published? They are not long and reader of this PR has to have context of that one anyway.

@ggershinsky
Copy link
Contributor Author

ggershinsky commented May 27, 2021

The idea behind the split was to use the #2638 to highlight the challenge of encryption key passing, and to discuss the difference between native and stream encryption parameters. So it keeps only the minimal set of classes required to focus on these discussion topics.
This pull request will keep growing (currently it covers only the write path). I'll cross-reference the two prs.

@ggershinsky ggershinsky mentioned this pull request May 27, 2021
Merged
@ggershinsky ggershinsky mentioned this pull request Jun 27, 2021
Merged
@ggershinsky ggershinsky marked this pull request as draft June 27, 2021 11:00
@ggershinsky ggershinsky changed the title Core: call native encryption API Core: Apply encryption basics to writers and readers Nov 4, 2021
@ggershinsky
Copy link
Contributor Author

ggershinsky commented Aug 16, 2022

Replacing with an updated version #5544

@ggershinsky ggershinsky deleted the call-native-encryption branch June 20, 2023 07:23
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

core data flink spark

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@ggershinsky @jackye1995