Hi Casey, great news to hear about "SSE-S3 almost implemented" :-) One question about that - will the implementation have one key per bucket, or one key per individual object? Amazon (as per the public available docs) is using one unique key per object - and encrypts the key on top of this with a per bucket or master key that regularly rotates. https://docs.aws.amazon.com/AmazonS3/latest/userguide/serv-side-encryption.html Best Stefan Am 08.02.2022 um 17:11 schrieb Casey Bodley <cbodley@xxxxxxxxxx<mailto:cbodley@xxxxxxxxxx>>: hi David, that method of encryption based on rgw_crypt_default_encryption_key will never be officially supported. however, support for SSE-S3 encryption [1] is nearly complete in [2] (cc Marcus), and we hope to include that in the quincy release - and if not, we'll backport it to quincy in an early point release can SSE-S3 with PutBucketEncryption satisfy your use case? [1] https://docs.aws.amazon.com/AmazonS3/latest/userguide/UsingServerSideEncryption.html [2] https://github.com/ceph/ceph/pull/44494 On Tue, Feb 8, 2022 at 10:44 AM David Orman <ormandj@xxxxxxxxxxxx<mailto:ormandj@xxxxxxxxxxxx>> wrote: Is RGW encryption for all objects at rest still testing only, and if not, which version is it considered stable in?: https://docs.ceph.com/en/latest/radosgw/encryption/#automatic-encryption-for-testing-only David _______________________________________________ ceph-users mailing list -- ceph-users@xxxxxxx To unsubscribe send an email to ceph-users-leave@xxxxxxx _______________________________________________ ceph-users mailing list -- ceph-users@xxxxxxx<mailto:ceph-users@xxxxxxx> To unsubscribe send an email to ceph-users-leave@xxxxxxx<mailto:ceph-users-leave@xxxxxxx> _______________________________________________ ceph-users mailing list -- ceph-users@xxxxxxx To unsubscribe send an email to ceph-users-leave@xxxxxxx
 |