search

soabase / exhibitor

ZooKeeper co-process for instance monitoring, backup/recovery, cleanup and visualization.
https://groups.google.com/forum/#!topic/exhibitor-users/PVkcd88mk8c
Apache License 2.0
1.68k stars 444 forks source link

Exhibitor doesn't support encrypted S3 buckets #341

Open GaalDornick opened 7 years ago

GaalDornick commented 7 years ago

S3 has a feature that allows users to encrypt the files stored in S3. There are various modes of encryption which are documented here http://docs.aws.amazon.com/AmazonS3/latest/dev/UsingEncryption.html

As per my current employer's policy, all data on S3 has to use Server side encryption, and they put policies on S3 buckets that forces the data to be encrypted. The problem is that Exhibitor doesn't turn encryption on when it uploads the shared configuration to S3. There should be a way that we can tell exhibitor to use SSE.

The Hadoop AWS client library supports the various kind of encryptions. https://hortonworks.github.io/hdp-aws/s3-encryption/index.html Exhibitor should support something similar

waterytowers commented 7 years ago

+1

We also require everything in AWS to be encrypted and use AWS KMS keys for safe guarding our data. This is a high priority for the company where I work.