On Tue, Feb 8, 2022 at 11:55 AM Stefan Schueffler <s.schueffler@xxxxxxxxxxxxx> wrote:
>
> Hi Casey,
>
> great news to hear about "SSE-S3 almost implemented" :-)
>
> One question about that - will the implementation have one key per bucket, or one key per individual object?
>
> Amazon (as per the publicly available docs) is using one unique key per object - and encrypts the key on top of this with a per bucket or master key that regularly rotates.

my understanding is that there are per-object keys, and key-encryption-keys that can either be per-bucket, per-user, or global depending on ceph config

>
> https://docs.aws.amazon.com/AmazonS3/latest/userguide/serv-side-encryption.html
>
> Best
> Stefan
>
> On 08.02.2022 at 17:11, Casey Bodley <cbodley@xxxxxxxxxx> wrote:
>
> hi David,
>
> that method of encryption based on rgw_crypt_default_encryption_key
> will never be officially supported. however, support for SSE-S3
> encryption [1] is nearly complete in [2] (cc Marcus), and we hope to
> include that in the quincy release - and if not, we'll backport it to
> quincy in an early point release
>
> can SSE-S3 with PutBucketEncryption satisfy your use case?
>
> [1] https://docs.aws.amazon.com/AmazonS3/latest/userguide/UsingServerSideEncryption.html
> [2] https://github.com/ceph/ceph/pull/44494
>
> On Tue, Feb 8, 2022 at 10:44 AM David Orman <ormandj@xxxxxxxxxxxx> wrote:
>
> Is RGW encryption for all objects at rest still testing only, and if not,
> which version is it considered stable in?:
>
> https://docs.ceph.com/en/latest/radosgw/encryption/#automatic-encryption-for-testing-only
>
> David
> _______________________________________________
> ceph-users mailing list -- ceph-users@xxxxxxx
> To unsubscribe send an email to ceph-users-leave@xxxxxxx