我用aws kms加密了我的s3键,并通过copy命令推送到redshift。加密文件包含ciphertextblob和关键字段。有没有办法可以查询已加密的实际数据?
真实数据就像这样
{"id":"1","name":"dummyname",age:"42"}
我的加密数据如下所示
{"CiphertextBlob":[1,2,3,0,120,233,75,200,66,143,164,147,227,238,147,160,116,177,169,157,151,230,181,14,191,156,140,146,43,184,202,30,55,51,17,114,237,1,96,101,196,239,48,167,210,15,193,102,57,210,110,143,138,232,0,0,0,126,48,124,6,9,42,134,72,134,247,13,1,7,6,160,111,48,109,2,1,0,48,104,6,9,42,134,72,134,247,13,1,7,1,48,30,6,9,96,134,72,1,101,3,4,1,46,48,17,4,12,14,218,49,42,14,25,206,72,238,21,16,108,2,1,16,128,59,185,185,70,8,156,85,194,144,17,206,233,181,87,105,10,140,135,145,66,47,247,242,163,1,69,237,116,152,162,95,86,73,209,218,214,205,204,214,243,151,78,99,3,19,56,105,58,202,158,36,227,244,108,99,93,209,4,50,113],"Plaintext":[243,146,203,144,109,46,20,207,245,11,58,63,178,191,136,49,243,247,189,88,11,28,59,222,217,53,156,239,233,15,129,22],"KeyId":"arn:aws:kms:<region>:<id>:key/<key>"}
当通过copy命令将其推送到redshift时,AWS是否有任何方法默认解密数据并允许查询实际数据?
答案 0 :(得分:0)
适用于Redshift的AWS KMS Encyprtion
如果您使用AWS KMS密钥进行S3加密或客户端加密(AWS CLI), 并使用复制命令将数据推送到Redshift,您可以在Redshift数据库中以解密格式查询数据。
仅在加载期间,您的数据将采用加密格式,Redshift使用AWS KMS密钥将推送的数据解密为Redshift。