v.21.3New Feature

Added Support for Server Side Encryption Customer Keys in S3 Client

Official CH changelog text
Added Server Side Encryption Customer Keys (the x-amz-server-side-encryption-customer-(key/md5) header) support in S3 client. See the link. Closes #19428. #19748 (Vladimir Chebotarev).
Added support for Server Side Encryption with Customer Provided Keys (SSE-C) in the S3 client, enabling encryption using customer-managed keys via the x-amz-server-side-encryption-customer-(key/md5) headers.

Why it matters

This feature allows users to securely store data in Amazon S3 with encryption keys managed on the client side, providing enhanced control over data encryption and compliance requirements when using ClickHouse's S3 storage integration.

How to use it

To use SSE-C encryption, provide the customer encryption key and its MD5 hash in the S3 client headers x-amz-server-side-encryption-customer-key and x-amz-server-side-encryption-customer-key-MD5. Configure these headers in the ClickHouse S3 integration settings or client configuration when accessing S3 storage.

Related resources

PreviousNext