Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Support Bring Your Own Key for Object Storage #22062

Open
regevran opened this issue Dec 26, 2024 · 1 comment
Open

Support Bring Your Own Key for Object Storage #22062

regevran opened this issue Dec 26, 2024 · 1 comment
Assignees
@elcallio
Milestone
2025.2.0

Comments

@regevran
Copy link

Scylla should support user's own key for encrypting data at object storage.
Without this key Scylla does not encrypt the data and leave it for the object storage provider (S3 for example) to take care for encryption.
Refs: https://github.com/scylladb/scylla-enterprise/issues/4981

In general, the flow is always the same:
in the media: encrypted with a key for this media.
When transitioned - decryption with the key for this media and encryption with the keys for the transition to media.
For example:
On local disk - encrypted for local disk.
When streamed to S3: decryption with local disk keys and encryption with TLS.
If the user brings its own keys - before the TLS - encryption using the user's keys.
On S3 (not our responsibility, just to complete the picture) - decryption using TLS, encryption using S3's encryption.
@regevran regevran added this to the 2025.1.0 milestone Dec 26, 2024
@mykaul
Copy link
Contributor

mykaul commented Dec 29, 2024

This is not realistic for 2025.1.0.
@regevran - please re-target.

@regevran regevran modified the milestones: 2025.1.0, 2025.2.0 Dec 29, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@elcallio elcallio

Labels
None yet
Projects
None yet
Milestone
2025.2.0
Development

No branches or pull requests
3 participants
@mykaul @regevran @elcallio