Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Support encryption on object storage #919

Open
udf2457 opened this issue Sep 7, 2024 · 10 comments
Open

Support encryption on object storage #919

udf2457 opened this issue Sep 7, 2024 · 10 comments
Assignees
@lazyfuhrer
Labels
💎 Bounty enhancement New feature or request

Comments

@udf2457
Copy link

udf2457 commented Sep 7, 2024

Is there a technical reason for the omission of encryption on object storage (S3) ?

This could be done even without introducing any extra code to parseable if you exposed support for S3-side features such as SSE-C.
@nitisht
Copy link
Member

nitisht commented Sep 7, 2024

Can you elaborate a bit.

if you exposed support for S3-side features such as SSE-C.

What do we have to expose here?

@udf2457
Copy link
Author

udf2457 commented Sep 7, 2024
edited
Loading

What do we have to expose here?

Basically all you need to do is introduce the extra env-vars and push that down to your S3 code so the correct HTTP headers are set.

For example, enabling SSE-C is as simple as sending the following headers when interacting with S3:

x-amz-server-side​-encryption​-customer-algorithm: currently a fixed static value, AES256
x-amz-server-side​-encryption​-customer-key: 256-bit, base64-encoded encryption key
x-amz-server-side​-encryption​-customer-key-MD5: base64-encoded 128-bit MD5 digest of the encryption key

S3 then does the crypto transparently in-line.

@nitisht
Copy link
Member

nitisht commented Sep 7, 2024

I see, this is useful @udf2457 . We'll take a look soon.

@nitisht nitisht added the enhancement New feature or request label Sep 7, 2024
@nitisht nitisht self-assigned this Sep 7, 2024
@udf2457
Copy link
Author

udf2457 commented Sep 7, 2024
edited
Loading

No problem.

People who use the AWS native S3 might point out they can (also) configure encryption via AWS S3 management (e.g. if you are 100% AWS-ecosystem you can configure so a bucket uses AWS KMS hosted keys).

So this feature is perhaps of most significant interest to those (like me 😉 ) who use S3-compatible services from other non-AWS providers or software (e.g. minio).

@nitisht
Copy link
Member

nitisht commented Sep 16, 2024

/bounty 100

@algora-pbc Algora PBC
Copy link

algora-pbc bot commented Sep 16, 2024
edited
Loading

💎 $100 bounty • Parseable

Steps to solve:

  1. Start working: Comment /attempt #919 with your implementation plan
  2. Submit work: Create a pull request including /claim #919 in the PR body to claim the bounty
  3. Receive payment: 100% of the bounty is received 2-5 days post-reward. Make sure you are eligible for payouts

Thank you for contributing to parseablehq/parseable!

Add a bountyShare on socials

Attempt Started (GMT+0) Solution
🟢 @lazyfuhrer Sep 16, 2024, 3:20:48 PM WIP

@lazyfuhrer
Copy link

I want to work on this. Can I be assigned ? @nitisht

@lazyfuhrer
Copy link

lazyfuhrer commented Sep 16, 2024
edited by algora-pbc bot
Loading

/attempt #919

Algora profile Completed bounties Tech Active attempts Options
@lazyfuhrer 2 bounties from 1 project
TypeScript, JavaScript,
Rust & more
Cancel attempt

@nitisht nitisht assigned lazyfuhrer and unassigned nitisht Sep 16, 2024
@nitisht
Copy link
Member

nitisht commented Sep 16, 2024

Sure @lazyfuhrer please go ahead.

@nitisht
Copy link
Member

nitisht commented Sep 20, 2024

any updates @lazyfuhrer ?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@lazyfuhrer lazyfuhrer

Labels
💎 Bounty enhancement New feature or request
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@nitisht @udf2457 @lazyfuhrer