is rgw crypt default encryption key long term supported ?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Dear Casey, Dear Ceph Users


The following is written in the radosgw documentation (http://docs.ceph.com/docs/luminous/radosgw/encryption/):

  rgw crypt default encryption key = 4YSmvJtBv0aZ7geVgAsdpRnLBEwWSWlMIGnRS8a9TSA=

  Important: This mode is for diagnostic purposes only! The ceph configuration file is not a secure method for storing encryption keys.

    Keys that are accidentally exposed in this way should be considered compromised.




Is the warning only about the key exposure risk or does it mean also that the feature could be removed in future?


The is also another similar parameter "rgw crypt s3 kms encryption keys" (cf. usage example in http://lists.ceph.com/pipermail/ceph-users-ceph.com/2018-October/030679.html).


Both parameters are still interesting (provided the ceph.conf is encrypted) but we want to be sure that they will not be dropped in future.




Best Regards

Francois

Attachment: smime.p7s
Description: S/MIME cryptographic signature

_______________________________________________
ceph-users mailing list
ceph-users@xxxxxxxxxxxxxx
http://lists.ceph.com/listinfo.cgi/ceph-users-ceph.com
[Index of Archives]     [Information on CEPH]     [Linux Filesystem Development]     [Ceph Development]     [Ceph Large]     [Ceph Dev]     [Linux USB Development]     [Video for Linux]     [Linux Audio Users]     [Yosemite News]     [Linux Kernel]     [Linux SCSI]     [xfs]

  Powered by Linux