Clarification on Spooling Protocol Security and Encryption Flow

[jonsnowseven]

Hello everyone,

I’m currently exploring the implementation details of the spooling protocol in Trino. I have a few questions regarding the protocol.spooling.shared-secret-key configuration and how it interacts with different storage layers and encryption settings.

Could someone clarify the following?

• Spooling enablement: If spooling is enabled when a Trino cluster is already being used, will the clients need to change something on their side or the change will be seamless to clients?
• Scope of the Shared Secret: Is the protocol.spooling.shared-secret-key used exclusively by the Trino cluster for internal data encryption/decryption?
• Interaction with STORAGE Mode: How is this key utilized when the retrieval mode is set to STORAGE?
• Compatibility with S3 Encryption: How does this feature interact with S3 Bucket Default Encryption? Specifically, if Trino encrypts the data before upload, how are those layers managed?
• Impact of Segment Encryption: What is the specific behaviour of setting fs.segment.encryption=false? If this is disabled, will requests to S3 still respect the S3-native default encryption keys (SSE-S3 or SSE-KMS)?
• Segment size recommendation: Any best practices for the Spooling segment sizes?

I'm trying to ensure a clear understanding of the data-at-rest security posture when spooling is enabled. Any insights or documentation pointers would be greatly appreciated!

Thank you!