Hi,

I am trying to evaluate SSE-C (so customer provides keys) for our object storages. We do not provide a KMS server.

I've added "Access-Control-Allow-Headers" to the haproxy frontend.

rspadd Access-Control-Allow-Headers... x-amz-server-side-encryption-customer-algorithm,\ x-amz-server-side-encryption-customer-key,\ x-amz-server-side-encryption-customer-key-MD5

I've also enabled "rgw_trust_forwarded_https = true" in the client section in the ceph.conf and restarted the RGW daemons.

I now try to get it working, but I am not sure if I am doing it correctly.

$ encKey=$(openssl rand -base64 32)
$ md5Key=$(echo $encKey | md5sum | awk '{print $1}' | base64)
$ aws s3api --endpoint=https://radosgw put-object \
  --body ~/Downloads/TESTFILE \
  --bucket test-bb-encryption \
  --key TESTFILE \
  --sse-customer-algorithm AES256 \
  --sse-customer-key $encKey \
  --sse-customer-key-md5 $md5Key

This is what the RGW log gives me:

2023-03-17T10:55:55.465+0000 7f42bbe5f700 1 ====== starting new request req=0x7f448c185700 =====
2023-03-17T10:55:55.469+0000 7f434df83700 1 ====== req done req=0x7f448c185700 op status=-2021 http_status=400 latency=3999985ns ======
2023-03-17T10:55:55.469+0000 7f434df83700 1 beast: 0x7f448c185700: IPV6 - - [2023-03-17T10:55:55.469539+0000] "PUT /test-bb-encryption/TESTFILE HTTP/1.1" 400 221 - "aws-cli/2.4.18 Python/3.9.10 Darwin/22.3.0 source/x86_64 prompt/off command/s3api.put-object" -

Maybe someone has a working example and is willing to share it with me, or has also encountered this problem and knows what to do?

It's an Octopus cluster.

Cheers
 Boris
-- 
The "UTF-8 problems" self-help group will, as an exception, meet in the large hall this time.
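Added example, not part of the original post: a shell check that an SSE-C key and key-MD5 pair is self-consistent before it is sent. The S3 API defines x-amz-server-side-encryption-customer-key-MD5 as the base64 encoding of the 128-bit binary MD5 digest of the raw key. The function names and the sample key are constructed for illustration, and openssl, base64, md5sum, awk and wc are assumed to be installed.

```shell
#!/bin/sh
# Added example, not from the original post.

# Decode the key, take the *binary* MD5 of the raw bytes, base64 that (16 bytes).
ssec_key_md5() {
    printf '%s' "$1" | base64 -d | openssl dgst -md5 -binary | base64
}

# Pipeline from the post, reproduced for comparison only: it hashes the
# base64 text plus a newline and base64-encodes the hex digest string.
posted_md5() {
    echo "$1" | md5sum | awk '{print $1}' | base64
}

# Number of bytes a base64 string decodes to.
b64_len() {
    printf '%s' "$1" | base64 -d 2>/dev/null | wc -c | tr -d ' '
}

# ssec_check KEY_B64 MD5_B64: prints "ok" and returns 0 only for a consistent pair.
ssec_check() {
    klen=$(b64_len "$1"); mlen=$(b64_len "$2")
    [ "$klen" -eq 32 ] || { echo "key decodes to $klen bytes, AES256 needs 32"; return 1; }
    [ "$mlen" -eq 16 ] || { echo "key-MD5 decodes to $mlen bytes, an MD5 digest is 16"; return 1; }
    [ "$(ssec_key_md5 "$1")" = "$2" ] || { echo "key-MD5 does not match key"; return 1; }
    echo "ok"
}

# Constructed sample key (32 ASCII zeros, base64-encoded); not a real secret.
sample_key=$(printf '%032d' 0 | base64)

echo "binary digest: $(ssec_check "$sample_key" "$(ssec_key_md5 "$sample_key")")"
echo "posted form:   $(ssec_check "$sample_key" "$(posted_md5 "$sample_key")")"
```

The check only validates the header values themselves; it does not show how a given client encodes or transforms them before sending.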