feat(encryption): add key manager #1706
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Samunroyu
force-pushed
the
dev/yjw/kms-key
branch
2 times, most recently
from
87b53f0
to
baa1920
Compare
acelyc111
reviewed
Dec 6, 2023
Samunroyu
force-pushed
the
dev/yjw/kms-key
branch
from
4a23bdf
to
584d686
Compare
acelyc111
reviewed
Dec 19, 2023
Samunroyu
force-pushed
the
dev/yjw/kms-key
branch
from
c5f692d
to
9921aa2
Compare
acelyc111
reviewed
Dec 20, 2023
acelyc111
reviewed
Dec 21, 2023
Samunroyu
force-pushed
the
dev/yjw/kms-key
branch
2 times, most recently
from
77005ed
to
c4c2d97
Compare
acelyc111
reviewed
Dec 25, 2023
Samunroyu
force-pushed
the
dev/yjw/kms-key
branch
from
5ac2ac5
to
783bccf
Compare
acelyc111
reviewed
Jan 3, 2024
acelyc111
reviewed
Jan 4, 2024
acelyc111
reviewed
Jan 4, 2024
Samunroyu
force-pushed
the
dev/yjw/kms-key
branch
4 times, most recently
from
24176f4
to
bf2905d
Compare
acelyc111
reviewed
Jan 10, 2024
acelyc111
reviewed
Jan 11, 2024
Samunroyu
force-pushed
the
dev/yjw/kms-key
branch
from
5706cce
to
b2d23ac
Compare
Samunroyu
force-pushed
the
dev/yjw/kms-key
branch
2 times, most recently
from
2db3e8b
to
6db03be
Compare
acelyc111
reviewed
Jan 19, 2024
acelyc111
reviewed
Jan 19, 2024
This reverts commit d2e614fc7ac28869152cd4a71ec730a186f1238d.
Samunroyu
force-pushed
the
dev/yjw/kms-key
branch
from
a6ad06b
to
ac46aa7
Compare
empiredan
reviewed
Feb 1, 2024
empiredan
approved these changes
Feb 1, 2024
acelyc111
approved these changes
Feb 1, 2024
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This patch implements KeyProvider to manage encryption key from KMS. The KeyProvider
generates encryption key, IV and key version from KMS at the first launch of Replica
Server. And stores them in a file in a shared directory. After then, the process posts
them to KMS to decrypt key. The key is used to encrypt and decrypt data in Replica
Server.
A new config [pegasus.server]hadoop_kms_url has been introduced to provide the KMS URLs.
[pegasus.server] + hadoop_kms_url =