ggershinsky opened a new issue #2373: URL: https://github.com/apache/iceberg/issues/2373
The envelope encryption practice requires periodic (or on-demand) re-wrapping of DEKs (data encryption keys) with new versions of master keys. KMS (key management service) generates the new master keys and keeps their history. The re-wrapped DEKs need to be updated in Iceberg metadata. In a case of double envelope encryption, the KEKs (key encryption keys) are either re-wrapped with new master keys - or re-generated, wrapped with new master keys, and used to re-wrap the DEKs. This mechanism will add a DDL clause to perform key rotation in Iceberg tables.
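
The two double-envelope rotation paths named in the issue, as an added example that is not part of the original issue or of Iceberg's code. Assumptions: an in-memory list stands in for the KMS and its master key history, the static fields are hypothetical stand-ins for the key metadata a table would store, and AES Key Wrap (RFC 3394) is chosen here as the wrapping algorithm.

```java
import javax.crypto.*;
import java.util.*;

public class KeyRotationDemo {
    // Stand-in for a KMS: keeps every master key version. A real KMS wraps/unwraps
    // on the caller's behalf and does not hand master keys out (assumption for the demo).
    static final List<SecretKey> MASTER_VERSIONS = new ArrayList<>();
    // Hypothetical table key metadata: master key version in use, plus the wrapped keys.
    static int masterVersion;
    static byte[] wrappedKek, wrappedDek;

    static SecretKey newKey() throws Exception {
        KeyGenerator g = KeyGenerator.getInstance("AES");
        g.init(256);
        return g.generateKey();
    }
    static byte[] wrap(SecretKey wrappingKey, SecretKey key) throws Exception {
        Cipher c = Cipher.getInstance("AESWrap"); // AES Key Wrap, RFC 3394
        c.init(Cipher.WRAP_MODE, wrappingKey);
        return c.wrap(key);
    }
    static SecretKey unwrap(SecretKey wrappingKey, byte[] blob) throws Exception {
        Cipher c = Cipher.getInstance("AESWrap");
        c.init(Cipher.UNWRAP_MODE, wrappingKey);
        return (SecretKey) c.unwrap(blob, "AES", Cipher.SECRET_KEY);
    }
    // regenerateKek=false: re-wrap the existing KEK only; the wrapped DEK is not touched.
    // regenerateKek=true: new KEK, wrapped with the new master key, then used to re-wrap the DEK.
    static void rotate(boolean regenerateKek) throws Exception {
        SecretKey oldKek = unwrap(MASTER_VERSIONS.get(masterVersion), wrappedKek);
        MASTER_VERSIONS.add(newKey()); // KMS creates a new master key version, old ones stay
        masterVersion = MASTER_VERSIONS.size() - 1;
        SecretKey kek = regenerateKek ? newKey() : oldKek;
        if (regenerateKek) wrappedDek = wrap(kek, unwrap(oldKek, wrappedDek));
        wrappedKek = wrap(MASTER_VERSIONS.get(masterVersion), kek);
    }
    static SecretKey currentDek() throws Exception {
        return unwrap(unwrap(MASTER_VERSIONS.get(masterVersion), wrappedKek), wrappedDek);
    }
    public static void main(String[] args) throws Exception {
        SecretKey dek = newKey(), kek = newKey();
        MASTER_VERSIONS.add(newKey());
        wrappedKek = wrap(MASTER_VERSIONS.get(0), kek);
        wrappedDek = wrap(kek, dek);
        byte[] before = wrappedDek;
        rotate(false);
        System.out.println("KEK re-wrapped, DEK blob unchanged: " + Arrays.equals(before, wrappedDek));
        rotate(true);
        System.out.println("KEK regenerated, DEK blob changed: " + !Arrays.equals(before, wrappedDek));
        System.out.println("DEK intact: " + Arrays.equals(dek.getEncoded(), currentDek().getEncoded()));
    }
}
```

In both paths the DEK itself never changes, so the data files encrypted with it are not rewritten; only the wrapped key material in metadata is updated.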
