accumulo-notifications mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From GitBox <...@apache.org>
Subject [GitHub] ctubbsii commented on a change in pull request #319: ACCUMULO-4737 Clean up cipher algorithm configuration
Date Thu, 01 Jan 1970 00:00:00 GMT
ctubbsii commented on a change in pull request #319: ACCUMULO-4737 Clean up cipher algorithm
configuration
URL: https://github.com/apache/accumulo/pull/319#discussion_r149520138
 
 

 ##########
 File path: core/src/main/java/org/apache/accumulo/core/conf/Property.java
 ##########
 @@ -48,10 +48,18 @@
       "Fully qualified class name of the class that implements the CryptoModule interface,
to be used in setting up encryption at rest for the WAL and "
           + "(future) other parts of the code."),
   @Experimental
-  CRYPTO_CIPHER_SUITE("crypto.cipher.suite", "NullCipher", PropertyType.STRING, "Describes
the cipher suite to use for the write-ahead log"),
+  CRYPTO_CIPHER_SUITE("crypto.cipher.suite", "NullCipher", PropertyType.STRING,
+      "Describes the cipher suite to use for rfile encryption. If a WAL cipher suite is not
set, it will default to this value. The suite should be in the "
+          + "form of algorithm/mode/padding, e.g. AES/CBC/NoPadding"),
   @Experimental
-  CRYPTO_CIPHER_ALGORITHM_NAME("crypto.cipher.algorithm.name", "NullCipher", PropertyType.STRING,
-      "States the name of the algorithm used in the corresponding cipher suite. Do not make
these different, unless you enjoy mysterious exceptions and bugs."),
+  CRYPTO_WAL_CIPHER_SUITE(
+      "crypto.wal.cipher.suite",
+      "NullCipher",
+      PropertyType.STRING,
+      "Describes the cipher suite to use for the write-ahead log. Defaults to 'cyrpto.cipher.suite'
and will use that value for WAL encryption unless otherwise specified."),
 
 Review comment:
   While it may be useful to point out that some ciphers might corrupt the WAL if not closed
properly, and that's a risk with WALs, I'd caution against adding too much discussion about
suitability of specific ciphers here. If we know that there's a category of ciphers which
won't work, we can probably mention them as a category and maybe even check for those when
we validate the config. But, I think detailed discussions of suitability are generally out
of scope here, and are best left to external docs, like blog posts focused on the subject.

----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on GitHub and use the
URL above to go to the specific comment.
 
For queries about this service, please contact Infrastructure at:
users@infra.apache.org


With regards,
Apache Git Services

Mime
View raw message