Re: RGW automation encryption - still testing only?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Tue, Feb 8, 2022 at 11:55 AM Stefan Schueffler
<s.schueffler@xxxxxxxxxxxxx> wrote:
>
> Hi Casey,
>
> great news to hear about "SSE-S3 almost implemented" :-)
>
> One question about that - will the implementation have one key per bucket, or one key per individual object?
>
> Amazon (as per the public available docs) is using one unique key per object - and encrypts the key on top of this with a per bucket or master key that regularly rotates.

my understanding is that there are per-object keys, and
key-encryption-keys that can either be per-bucket, per-user, or global
depending on ceph config

>
> https://docs.aws.amazon.com/AmazonS3/latest/userguide/serv-side-encryption.html
>
> Best
> Stefan
>
>
>
>
> Am 08.02.2022 um 17:11 schrieb Casey Bodley <cbodley@xxxxxxxxxx>:
>
> hi David,
>
> that method of encryption based on rgw_crypt_default_encryption_key
> will never be officially supported. however, support for SSE-S3
> encryption [1] is nearly complete in [2] (cc Marcus), and we hope to
> include that in the quincy release - and if not, we'll backport it to
> quincy in an early point release
>
> can SSE-S3 with PutBucketEncryption satisfy your use case?
>
> [1] https://docs.aws.amazon.com/AmazonS3/latest/userguide/UsingServerSideEncryption.html
> [2] https://github.com/ceph/ceph/pull/44494
>
> On Tue, Feb 8, 2022 at 10:44 AM David Orman <ormandj@xxxxxxxxxxxx> wrote:
>
>
> Is RGW encryption for all objects at rest still testing only, and if not,
> which version is it considered stable in?:
>
> https://docs.ceph.com/en/latest/radosgw/encryption/#automatic-encryption-for-testing-only
>
> David
> _______________________________________________
> ceph-users mailing list -- ceph-users@xxxxxxx
> To unsubscribe send an email to ceph-users-leave@xxxxxxx
>
>
> _______________________________________________
> ceph-users mailing list -- ceph-users@xxxxxxx
> To unsubscribe send an email to ceph-users-leave@xxxxxxx
>
>

_______________________________________________
ceph-users mailing list -- ceph-users@xxxxxxx
To unsubscribe send an email to ceph-users-leave@xxxxxxx



[Index of Archives]     [Information on CEPH]     [Linux Filesystem Development]     [Ceph Development]     [Ceph Large]     [Ceph Dev]     [Linux USB Development]     [Video for Linux]     [Linux Audio Users]     [Yosemite News]     [Linux Kernel]     [Linux SCSI]     [xfs]


  Powered by Linux