davidarcher commented on issue #1823: HADOOP-16794 S3 Encryption key is not 
getting set properly during put operation.
URL: https://github.com/apache/hadoop/pull/1823#issuecomment-582895340
 
 
   > @davidarcher Yes this could be the other solution which even I thought
   > initially. But looks like S3's ObjectMeta doesn't have any setter method to set
   > this x-amz-server-side-encryption-aws-kms-key-id directly. I think this is done
   > to ensure the transparency of default S3 encryption.
   
   Thanks for looking into it @mukund-thakur -- From the
   [AWS example for using S3 KMS with Java](https://aws.amazon.com/blogs/developer/amazon-s3-encryption-with-aws-key-management-service/),
   it looks like it needs to be set directly on the request using the
   `withSSEAwsKeyManagementParams` or `setSSEAwsKeyManagementParams` method.
   
   We are already calling `setSSEAwsKeyManagementParams` 
[here](https://github.com/apache/hadoop/blob/db822aa905537ee266c8146633d973cad165a887/hadoop-tools/hadoop-aws/src/main/java/org/apache/hadoop/fs/s3a/S3AFileSystem.java#L3434-L3449)
 in the `setOptionalCopyObjectRequestParameters` method but we only consider 
the KMS key id configured on the client -- maybe we can fall back there to 
looking at the KMS key id from the source object?

----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
 
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org


With regards,
Apache Git Services
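
The fallback suggested in the comment above, as an added example that is not code from the pull request or from Hadoop. It assumes the AWS SDK for Java v1 on the classpath; the class `CopyKmsKeyFallback`, its methods, and the bucket, object and key-id values are hypothetical.

```java
import com.amazonaws.services.s3.model.CopyObjectRequest;
import com.amazonaws.services.s3.model.ObjectMetadata;
import com.amazonaws.services.s3.model.SSEAlgorithm;
import com.amazonaws.services.s3.model.SSEAwsKeyManagementParams;

/** Hypothetical helper (not part of S3AFileSystem): pick the KMS key for a copy. */
public final class CopyKmsKeyFallback {
  private CopyKmsKeyFallback() {}

  /** Returns the key id to put on the copy request, or null to leave it unset. */
  static String chooseKmsKeyId(String configuredKeyId, ObjectMetadata srcMeta) {
    // 1. A key configured on the client always wins.
    if (configuredKeyId != null && !configuredKeyId.trim().isEmpty()) {
      return configuredKeyId.trim();
    }
    // 2. Otherwise reuse the source object's key, but only if it was SSE-KMS.
    if (srcMeta == null) {
      return null;
    }
    boolean srcIsKms =
        SSEAlgorithm.KMS.getAlgorithm().equals(srcMeta.getSSEAlgorithm());
    String srcKeyId = srcMeta.getSSEAwsKmsKeyId();
    return (srcIsKms && srcKeyId != null && !srcKeyId.isEmpty()) ? srcKeyId : null;
  }

  /** Sets the SSE-KMS parameters on the request when a key id was chosen. */
  static void applyKmsKey(CopyObjectRequest request, String configuredKeyId,
      ObjectMetadata srcMeta) {
    String keyId = chooseKmsKeyId(configuredKeyId, srcMeta);
    if (keyId != null) {
      request.setSSEAwsKeyManagementParams(new SSEAwsKeyManagementParams(keyId));
    }
  }

  public static void main(String[] args) {
    // Constructed source metadata, as a HEAD on an SSE-KMS object would return it.
    ObjectMetadata src = new ObjectMetadata();
    src.setHeader("x-amz-server-side-encryption", "aws:kms");
    src.setHeader("x-amz-server-side-encryption-aws-kms-key-id", "EXAMPLE-SOURCE-KEY-ID");

    CopyObjectRequest copy = new CopyObjectRequest(
        "example-bucket", "src/object", "example-bucket", "dst/object");
    applyKmsKey(copy, "", src);  // no key configured on the client: use the source's
    System.out.println(copy.getSSEAwsKeyManagementParams().getAwsKmsKeyId());
  }
}
```

Reusing the source key id means the caller needs permission to use that KMS key for the copy to succeed.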
