Re: Multisite sync: is metadata transferred in plain text?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Got it, thank you Janne.

Best Regards,
Mary

On Mon, Sep 23, 2024, 1:30 AM Janne Johansson <icepic.dz@xxxxxxxxx> wrote:

> > We have a multisite Ceph configuration, with http (not https) sync
> endpoints. Are all sync traffic in plain text?
>
> For S3 v4 auth, there are things that "obfuscates" the login auth, but
> might not be called real crypto in that sense, so if you decide to
> send things in the clear, expect it to be sent in the clear, even if
> it is made "hard to read".
>
> > We have concerns about metadata. For example, when syncing a newly
> created user and its access key and secret key from the Master zone to a
> secondary zone, is this traffic in plain text? If so, what are options to
> encrypt it?
>
> Then either choose https or wrap your traffic in any of the VPN
> solutions from the last 30 years or so.
> If the endpoints can't be changed to https for some reason, then
> secure all the traffic just like with any other communication
> protocol.
>
> --
> May the most significant bit of your life be positive.
>
_______________________________________________
ceph-users mailing list -- ceph-users@xxxxxxx
To unsubscribe send an email to ceph-users-leave@xxxxxxx



[Index of Archives]     [Information on CEPH]     [Linux Filesystem Development]     [Ceph Development]     [Ceph Large]     [Ceph Dev]     [Linux USB Development]     [Video for Linux]     [Linux Audio Users]     [Yosemite News]     [Linux Kernel]     [Linux SCSI]     [xfs]


  Powered by Linux