Object Gateway - Server Side Encryption

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Hello Amardeep

    
We are trying the same as you on luminous.

    
s3cmd --access_key xxx  --secret_key xxx  --host-bucket '%(bucket)s.s3.xxx.ch' --host s3.xxx.ch --signature-v2 --no-preserve --server-side-encryption \
--server-side-encryption-kms-id https://barbican.service.xxx.ch/v1/secrets/ffa60094-f88b-41a4-b63f-c07a017ad2b5 put hello.txt3 s3://test/hello.txt3

upload: 'hello.txt3' -> 's3://test/hello.txt3'  [1 of 1]
 13 of 13   100% in    0s    14.25 B/s  done
ERROR: S3 error: 400 (InvalidArgument): Failed to retrieve the actual key, kms-keyid: https://barbican.service.xxx.ch/v1/secrets/ffa60094-f88b-41a4-b63f-c07a017ad2b5


    
openstack --os-cloud fsc-ac secret get https://barbican.service.xxx.ch/v1/secrets/ffa60094-f88b-41a4-b63f-c07a017ad2b5
+---------------+----------------------------------------------------------------------------------+
| Field         | Value                                                                            |
+---------------+----------------------------------------------------------------------------------+
| Secret href   | https://barbican.service.xxx.ch/v1/secrets/ffa60094-f88b-41a4-b63f-c07a017ad2b5 |
| Name          | fsc-key3                                                                         |
| Created       | 2019-04-25T14:31:52+00:00                                                        |
| Status        | ACTIVE                                                                           |
| Content types | {u'default': u'application/octet-stream'}                                        |
| Algorithm     | aes                                                                              |
| Bit length    | 256                                                                              |
| Secret type   | opaque                                                                           |
| Mode          | cbc                                                                              |
| Expiration    | 2020-01-01T00:00:00+00:00                                                        |
+---------------+----------------------------------------------------------------------------------+


    
We also tried using --server-side-encryption-kms-id ffa60094-f88b-41a4-b63f-c07a017ad2b5
or --server-side-encryption-kms-id fsc-key3 with the same error.


vim /etc/ceph/ceph.conf 
    rgw barbican url = "" class="moz-txt-link-freetext" href="https://barbican.service.xxx.ch">https://barbican.service.xxx.ch
    rgw keystone barbican user = rgwcrypt
    rgw keystone barbican password = xxx
    rgw keystone barbican project = service
    rgw keystone barbican domain = default
    rgw crypt require ssl = false

Thank you in advance for your help.



Best Regards


    
Francois Scheurer


  


Attachment:
smime.p7s

Description: S/MIME cryptographic signature


_______________________________________________
ceph-users mailing list
ceph-users@xxxxxxxxxxxxxx
http://lists.ceph.com/listinfo.cgi/ceph-users-ceph.com





















[Index of Archives]
 
 
[Information on CEPH]
 
 
[Linux Filesystem Development]
 
 
[Ceph Development]
 
 
[Ceph Large]
 
 
[Linux USB Development]
 
 
[Video for Linux]
 
 
[Linux Audio Users]
 
 
[Yosemite News]
 
 
[Linux Kernel]
 
 
[Linux SCSI]
 
 
[xfs]

















 
Powered by Linux