Enabling CSE-KMS
To enable CSE-KMS, the property
fs.s3a.server-side-encryption-algorithm must be set to CSE-KMS in
core-site.xml.
- Generate an AWS KMS Key ID from the AWS console for your bucket, with the same region as the storage bucket.
- If already created, view the KMS key ID following these steps.
- Set
fs.s3a.server-side-encryption-algorithm=CSE-KMS. - Set
fs.s3a.server-side-encryption.key=<KMS_KEY_ID>.
<property>
<name>fs.s3a.server-side-encryption-algorithm</name>
<value>CSE-KMS</value>
</property>
<property>
<name>fs.s3a.server-side-encryption.key</name>
<value>${KMS_KEY_ID}</value>
</property>