nessie icon indicating copy to clipboard operation
nessie copied to clipboard
verified publisher icon projectnessie

[Feature]: Support S3 Server Side Encryption

Open utay opened this issue 6 months ago • 2 comments

Description

When configuring Nessie with Iceberg REST, we should be able to configure S3 with SSE (Server Side Encryption) type and key.

Expected Use Cases

It could look like this:

nessie.catalog.service.s3.default-options.sse.type=customer
nessie.catalog.service.s3.default-options.sse.customer-key=<base64 encoded key>

or:

nessie.catalog.service.s3.default-options.sse.type=kms
nessie.catalog.service.s3.default-options.sse.kms-key-id=<kms key id>

Trino S3 storage supports it already as an example (see s3.sse.type, s3.sse.kms-key-id and s3.sse.customer-key): https://trino.io/docs/current/object-storage/file-system-s3.html

Requested Changes in public API

No response

utay avatar Jun 14 '25 12:06 utay

@utay : Thanks for filing this feature request. It looks valuable to users. Do you also intend to contribute a PR for this?

dimas-b avatar Jun 17 '25 01:06 dimas-b

@dimas-b Cool, I’m afraid I won’t have time to open a PR in the next few days, but I’d be very happy if someone else picks this issue up

utay avatar Jun 17 '25 06:06 utay