pyarrow.parquet.encryption.create_encryption_properties

pyarrow.parquet.encryption.create_encryption_properties(footer_key, *, aad_prefix=None, bool store_aad_prefix=True, encryption_algorithm='AES_GCM_V1', bool plaintext_footer=False)

Create FileEncryptionProperties using a direct footer key.

This is a low-level API that constructs encryption properties directly from a plaintext key, bypassing the KMS-based CryptoFactory. It is intended for callers that manage key wrapping and storage themselves (e.g. an application-level scheme).

Warning

The caller is responsible for key management best practices. Reusing the same key for multiple files without unique data keys weakens AES-GCM security. The higher-level CryptoFactory with EncryptionConfiguration handles this automatically and is interoperable with other tools and frameworks – prefer it unless you have a specific reason to manage keys yourself.

Note

Currently only uniform encryption (single key for footer and all columns) is supported with this method. Per-column keys are not yet available; the provided key encrypts both the footer and every column.

Parameters:

footer_keybytes

The encryption key for the file footer and all columns (uniform encryption). Must be 16, 24, or 32 bytes for AES-128, AES-192, or AES-256 respectively.

aad_prefixbytes, optional

Additional Authenticated Data prefix for cryptographic binding.

store_aad_prefixbool, default True

Whether to store the AAD prefix in the Parquet file metadata. Set to False when the AAD prefix will be supplied externally at read time. Only meaningful when aad_prefix is provided.

encryption_algorithmstr, default “AES_GCM_V1”

Encryption algorithm. Either "AES_GCM_V1" or "AES_GCM_CTR_V1".

plaintext_footerbool, default False

Whether to leave the file footer unencrypted. When True, file schema and metadata are readable without a key.

Returns:

FileEncryptionProperties

Properties that can be passed to write_table() or ParquetWriter.

Examples

>>> import pyarrow as pa
>>> import pyarrow.parquet as pq
>>> import pyarrow.parquet.encryption as pe
>>> table = pa.table({'col': [1, 2, 3]})
>>> props = pe.create_encryption_properties(
...     footer_key=b'0123456789abcdef',
...     aad_prefix=b'table_id',
...     store_aad_prefix=False,
... )
>>> pq.write_table(table, 'encrypted.parquet', encryption_properties=props)