Hi Rishabh, You might want to check out these examples for python boto3 which include SSE-C: https://github.com/boto/boto3/blob/develop/boto3/examples/s3.rst As already noted use 'radosgw-admin' to retrieve access key and secret key to plug into your client. If you are not an administrator on your Ceph cluster you may have to ask someone who is to create/retrieve the necessary user info. Example: radosgw-admin user info --uid testuser ..... "keys": [ { "user": "testuser", "access_key":"ABCDE0", "secret_key": "1FGHIJK" } There is also an Admin API to retrieve this information but you wouldn't use it unless your application is something more general purpose requiring access to all user credentials (or other information). There are libraries for this API as well noted at the bottom of the docs page. If you just need an access/secret to plug into your client this is not what you are looking for - to even use it you still need to create a user with the radosgw-admin command. If you need to programmatically manage / retrieve user info with some kind of privileged application it might be of use. http://docs.ceph.com/docs/mimic/radosgw/adminops/ thanks, Ben On Tue, Dec 4, 2018 at 11:41 PM Rishabh S <talktorishabh18@xxxxxxxxx> wrote: > > Hi Paul, > > Thank You. > > I was looking for suggestions on how my ceph client should get access and secret keys. > > Another thing where I need help is regarding encryption > http://docs.ceph.com/docs/mimic/radosgw/encryption/# > > I am little confused what does these statement means. > > The Ceph Object Gateway supports server-side encryption of uploaded objects, with 3 options for the management of encryption keys. Server-side encryption means that the data is sent over HTTP in its unencrypted form, and the Ceph Object Gateway stores that data in the Ceph Storage Cluster in encrypted form. > > Note Requests for server-side encryption must be sent over a secure HTTPS connection to avoid sending secrets in plaintext. > > CUSTOMER-PROVIDED KEYS > > In this mode, the client passes an encryption key along with each request to read or write encrypted data. It is the client’s responsibility to manage those keys and remember which key was used to encrypt each object. > > > My understanding is when ceph client is trying to upload a file/object to Ceph cluster then client request should be https and will include “customer-provided-key”. > Then Ceph will use customer-provided-key to encrypt file/object before storing data into Ceph cluster. > > Please correct and suggest best approach to store files/object in Ceph cluster. > > Any code example of initial handshake to upload a file/object with encryption-key will be of great help. > > Regards, > Rishabh > > On 05-Dec-2018, at 2:48 AM, Paul Emmerich <paul.emmerich@xxxxxxxx> wrote: > > You are probably looking for radosgw-admin which can manage users on > the shell, e.g.: > > radosgw-admin user create --uid username --display-name "full name" > radosgw-admin user list > radosgw-admin user info --uid username > > The create and info commands return the secret/access key which can be > used with any S3 client. > > -- > Paul Emmerich > > Looking for help with your Ceph cluster? Contact us at https://croit.io > > croit GmbH > Freseniusstr. 31h > 81247 München > www.croit.io > Tel: +49 89 1896585 90 > Am Di., 4. Dez. 2018 um 18:55 Uhr schrieb Rishabh S <talktorishabh18@xxxxxxxxx>: > > > Dear Members, > > I am new to ceph and implementing object store using ceph. > > I have following scenario. > > 1. I have an application which needs to store thousands of files in to ceph cluster > 2. My application will be deployed in kubernetes cluster > 3. My application will communicate using Rest API > > My application will be ceph client which will be communicating ceph cluster using http/https. > Can some one please help me with how my application should get access-key/secret-key to communicate with ceph cluster. > > I am mainly looking for rest/http api example for initial authentication/authorization handshake. > > Thanks in advance. > > Regards, > Rishabh > > > > On 04-Dec-2018, at 11:11 PM, ceph-users-request@xxxxxxxxxxxxxx wrote: > > ceph-users@xxxxxxxxxxxxxx > > > _______________________________________________ > ceph-users mailing list > ceph-users@xxxxxxxxxxxxxx > http://lists.ceph.com/listinfo.cgi/ceph-users-ceph.com > > > _______________________________________________ > ceph-users mailing list > ceph-users@xxxxxxxxxxxxxx > http://lists.ceph.com/listinfo.cgi/ceph-users-ceph.com _______________________________________________ ceph-users mailing list ceph-users@xxxxxxxxxxxxxx http://lists.ceph.com/listinfo.cgi/ceph-users-ceph.com
 |