Table of Contents

Search

  1. Preface
  2. Part 1: Introduction to Amazon Redshift connectors
  3. Part 2: Data Integration with Amazon Redshift V2 Connector
  4. Part 3: Data Integration with Amazon Redshift Connector

Amazon Redshift Connectors

Amazon Redshift Connectors

Client-side encryption for Amazon Redshift V2 targets

Client-side encryption for Amazon Redshift V2 targets

Client-side encryption is a technique to encrypt data before transmitting the data to the Amazon Redshift server.
When you enable client-side encryption for Amazon Redshift V2 targets, the Secure Agent fetches the data from the source, writes the data to the staging directory, encrypts the data, and then writes the data to an Amazon S3 bucket. The Amazon S3 bucket then writes the data to Amazon Redshift.
When you use a serverless runtime environment, you cannot configure client-side encryption for Amazon Redshift V2 targets.
If you enable both server-side and client-side encryption for an Amazon Redshift V2 target, then the client-side encryption is used for data load.
To enable client-side encryption, you must provide a master symmetric key in the connection properties and select
S3 Client Side Encryption
in the advanced target properties.
The Secure Agent encrypts the data by using the master symmetric key. The master symmetric key is a 256-bit AES encryption key in the Base64 format. Amazon Redshift V2 Connector uploads the data to the Amazon S3 server by using the master symmetric key and then loads the data to Amazon Redshift by using the copy command with the Encrypted option and a private encryption key for additional security.