> We have a multisite Ceph configuration, with http (not https) sync endpoints. Are all sync traffic in plain text? For S3 v4 auth, there are things that "obfuscates" the login auth, but might not be called real crypto in that sense, so if you decide to send things in the clear, expect it to be sent in the clear, even if it is made "hard to read". > We have concerns about metadata. For example, when syncing a newly created user and its access key and secret key from the Master zone to a secondary zone, is this traffic in plain text? If so, what are options to encrypt it? Then either choose https or wrap your traffic in any of the VPN solutions from the last 30 years or so. If the endpoints can't be changed to https for some reason, then secure all the traffic just like with any other communication protocol. -- May the most significant bit of your life be positive. _______________________________________________ ceph-users mailing list -- ceph-users@xxxxxxx To unsubscribe send an email to ceph-users-leave@xxxxxxx