Re: RGW automation encryption - still testing only?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Tue, Feb 8, 2022 at 11:11 AM Casey Bodley <cbodley@xxxxxxxxxx> wrote:
>
> hi David,
>
> that method of encryption based on rgw_crypt_default_encryption_key
> will never be officially supported.

to expand on why: rgw_crypt_default_encryption_key requires the key
material to be stored insecurely in ceph's config, and cannot support
key rotation

> however, support for SSE-S3
> encryption [1] is nearly complete in [2] (cc Marcus), and we hope to
> include that in the quincy release - and if not, we'll backport it to
> quincy in an early point release
>
> can SSE-S3 with PutBucketEncryption satisfy your use case?
>
> [1] https://docs.aws.amazon.com/AmazonS3/latest/userguide/UsingServerSideEncryption.html
> [2] https://github.com/ceph/ceph/pull/44494
>
> On Tue, Feb 8, 2022 at 10:44 AM David Orman <ormandj@xxxxxxxxxxxx> wrote:
> >
> > Is RGW encryption for all objects at rest still testing only, and if not,
> > which version is it considered stable in?:
> >
> > https://docs.ceph.com/en/latest/radosgw/encryption/#automatic-encryption-for-testing-only
> >
> > David
> > _______________________________________________
> > ceph-users mailing list -- ceph-users@xxxxxxx
> > To unsubscribe send an email to ceph-users-leave@xxxxxxx
> >

_______________________________________________
ceph-users mailing list -- ceph-users@xxxxxxx
To unsubscribe send an email to ceph-users-leave@xxxxxxx



[Index of Archives]     [Information on CEPH]     [Linux Filesystem Development]     [Ceph Development]     [Ceph Large]     [Ceph Dev]     [Linux USB Development]     [Video for Linux]     [Linux Audio Users]     [Yosemite News]     [Linux Kernel]     [Linux SCSI]     [xfs]


  Powered by Linux