Skip to content

Add encryption key support for v3#2118

Open
rambleraptor wants to merge 4 commits intoapache:mainfrom
rambleraptor:encryption-key
Open

Add encryption key support for v3#2118
rambleraptor wants to merge 4 commits intoapache:mainfrom
rambleraptor:encryption-key

Conversation

@rambleraptor
Copy link
Contributor

@rambleraptor rambleraptor commented Jun 18, 2025

Closes #1972

Rationale for this change

This adds support for adding / removing encryption keys on table metadata + snapshots. This is a new part of v3. The goal is to match the Java implementation.

Spec change
Java change

Are these changes tested?

Included unit tests

Are there any user-facing changes?

Yes, this allows new support for encryption key metadata.

kevinjqliu
kevinjqliu reviewed Jun 23, 2025
View reviewed changes
Copy link
Contributor

@kevinjqliu kevinjqliu left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for adding this feature!
I think it would be great to include a E2E test with spark. I believe the feature will be available in the next java iceberg release, 1.10

@rambleraptor
Copy link
Contributor Author

rambleraptor commented Jun 30, 2025

@kevinjqliu happy to add that e2e test! Would you prefer I wait for the release + add the test or just file an issue? I know v3 writing is blocked on this feature.

smaheshwar-pltr
smaheshwar-pltr reviewed Jul 23, 2025
View reviewed changes
Copy link
Contributor

@smaheshwar-pltr smaheshwar-pltr left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for picking up this work!

tests/table/test_snapshots.py
assert (
repr(snapshot)
== """Snapshot(snapshot_id=25, parent_snapshot_id=19, sequence_number=200, timestamp_ms=1602638573590, manifest_list='s3:/a/b/c.avro', summary=Summary(Operation.APPEND), schema_id=3)"""
== """Snapshot(snapshot_id=25, parent_snapshot_id=19, sequence_number=200, timestamp_ms=1602638573590, manifest_list='s3:/a/b/c.avro', summary=Summary(Operation.APPEND), schema_id=3, key_id=None)"""
Copy link
Contributor

@smaheshwar-pltr smaheshwar-pltr Jul 23, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Perhaps we want to omit key_id for < V3 tables instead of serialising it.

The spec says:

image

with blanks for format versions 1 and 2. #2146 (comment) then makes me think we shouldn't write this field for those versions. WDYT?

Copy link
Contributor Author

@rambleraptor rambleraptor Sep 25, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

#1973 makes it sound like we don't want to version these. What are your thoughts?

@caushie-akamai
Copy link

caushie-akamai commented Sep 22, 2025
edited
Loading

Now that apache/iceberg#7770 got merged, it would be fantastic if we had support for reading encrypted tables in pyiceberg. Is this PR still active? If not i can take a stab at it.

CC: @smaheshwar-pltr @kevinjqliu

@rambleraptor
Copy link
Contributor Author

rambleraptor commented Sep 22, 2025

I can take a look at it! I've been waiting for 1.10. Thanks for the ping

@rambleraptor
Copy link
Contributor Author

rambleraptor commented Sep 25, 2025

@kevinjqliu what would the e2e test for this look like? I'm not sure how to run these events using Spark.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@smaheshwar-pltr smaheshwar-pltr Awaiting requested review from smaheshwar-pltr

@kevinjqliu kevinjqliu Awaiting requested review from kevinjqliu

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Extend V3 metadata read support with encryption changes

4 participants

@rambleraptor @caushie-akamai @kevinjqliu @smaheshwar-pltr