On Tue, Feb 8, 2022 at 11:11 AM Casey Bodley <cbodley@xxxxxxxxxx> wrote: > > hi David, > > that method of encryption based on rgw_crypt_default_encryption_key > will never be officially supported. to expand on why: rgw_crypt_default_encryption_key requires the key material to be stored insecurely in ceph's config, and cannot support key rotation > however, support for SSE-S3 > encryption [1] is nearly complete in [2] (cc Marcus), and we hope to > include that in the quincy release - and if not, we'll backport it to > quincy in an early point release > > can SSE-S3 with PutBucketEncryption satisfy your use case? > > [1] https://docs.aws.amazon.com/AmazonS3/latest/userguide/UsingServerSideEncryption.html > [2] https://github.com/ceph/ceph/pull/44494 > > On Tue, Feb 8, 2022 at 10:44 AM David Orman <ormandj@xxxxxxxxxxxx> wrote: > > > > Is RGW encryption for all objects at rest still testing only, and if not, > > which version is it considered stable in?: > > > > https://docs.ceph.com/en/latest/radosgw/encryption/#automatic-encryption-for-testing-only > > > > David > > _______________________________________________ > > ceph-users mailing list -- ceph-users@xxxxxxx > > To unsubscribe send an email to ceph-users-leave@xxxxxxx > > _______________________________________________ ceph-users mailing list -- ceph-users@xxxxxxx To unsubscribe send an email to ceph-users-leave@xxxxxxx
 |