Hi Arnaud,

Thanks for your support!

I am currently integrating Ceph RADOS Gateway (RGW) with HashiCorp Vault for SSE-S3 encryption and using js to upload objects to an encrypted bucket. I have configured the necessary parameters in my request, but I am encountering an "Invalid Request" error during the upload process.

Attachments: Screenshot of the code and error logs for reference.

I appreciate any guidance from the community to resolve this issue. Looking forward to your insights.

Thanks & Regards,
Dhivya G | Associate Software Engineer
Ph No: (+91) 9894944910
email: dhivya.g@xxxxxxxxxxx
Zybisys Consulting LLP | Srinivasa Tower' No.29, 39th E Cross, 4th T Block, Jayanagar, Bangalore India - 560041
http://zybisys.com/

---- On Fri, 28 Feb 2025 05:03:50 +0530 Arnaud Lefebvre <arnaud.lefebvre@xxxxxxxxxxxxxxxx> wrote ---

Hello,

I've been working on having SSE-S3 work too in the past few days with a v18 cluster (SSE-S3 is only available starting v17 IIRC).

First thing to check are the radosgw logs. Don't hesitate to increase them with `debug rgw 20/20` if possible, you'll see the error and vault interactions.

Then, you need to configure the radosgw properly. I had a bit of a hard time to figure it out from the docs, but here's my test configuration:

```
rgw_crypt_s3_kms_backend = vault
rgw_crypt_sse_s3_vault_secret_engine = transit
rgw_crypt_sse_s3_vault_auth = token
rgw_crypt_sse_s3_vault_token_file = /run/.rgw-vault-token
rgw_crypt_sse_s3_vault_addr = http://172.17.0.1:8200
rgw_crypt_sse_s3_vault_prefix = /v1/transit/
rgw_crypt_sse_s3_vault_verify_ssl = false
rgw_crypt_vault_secret_engine = kv
rgw_crypt_vault_auth = token
rgw_crypt_vault_token_file = /run/.rgw-vault-token
rgw_crypt_vault_addr = http://172.17.0.1:8200
rgw_crypt_vault_prefix = /v1/secret/data/
rgw_crypt_vault_verify_ssl = false
```

The sse_s3 configuration keys are the ones used for SSE-S3 while the others (crypt_vault) are used only for SSE-KMS (if I understood everything well).
From there and once I used the PutBucketEncryption API to use SSE-S3 as default, everything worked fine. If that still doesn't work on your end, then I guess you'll need to share some logs / errors or request output!

Good hacking!
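Added example, not part of either message: a small Node.js linter for the two Vault option families in the test configuration above. It reports keys that the thread's configuration sets but the input lacks, plus the plain-HTTP address and disabled certificate verification, which suit a test setup only. The function names and the list of expected suffixes are assumptions of this example, and the sample input is constructed from the quoted configuration.

```javascript
// Added example (not from the thread). SAMPLE is constructed from the quoted test configuration.
const SAMPLE = `
rgw_crypt_sse_s3_vault_secret_engine = transit
rgw_crypt_sse_s3_vault_auth = token
rgw_crypt_sse_s3_vault_token_file = /run/.rgw-vault-token
rgw_crypt_sse_s3_vault_addr = http://172.17.0.1:8200
rgw_crypt_sse_s3_vault_prefix = /v1/transit/
rgw_crypt_sse_s3_vault_verify_ssl = false
rgw_crypt_vault_secret_engine = kv
rgw_crypt_vault_auth = token
rgw_crypt_vault_token_file = /run/.rgw-vault-token
rgw_crypt_vault_addr = http://172.17.0.1:8200
rgw_crypt_vault_prefix = /v1/secret/data/
rgw_crypt_vault_verify_ssl = false
`;
// Key families as described in the thread: sse_s3 keys serve SSE-S3, the others SSE-KMS.
const FAMILIES = { 'SSE-S3': 'rgw_crypt_sse_s3_vault_', 'SSE-KMS': 'rgw_crypt_vault_' };
// Suffixes set in the thread's configuration (assumption: not an official list of mandatory options).
const EXPECTED = ['secret_engine', 'auth', 'addr', 'prefix'];

// Parse "key = value" lines, skipping blank lines and full-line comments.
function parseConf(text) {
  const conf = {};
  for (const raw of text.split('\n')) {
    const line = raw.replace(/^\s*[#;].*$/, '').trim();
    const eq = line.indexOf('=');
    if (eq > 0) conf[line.slice(0, eq).trim()] = line.slice(eq + 1).trim();
  }
  return conf;
}

// Return one finding string per problem, grouped by encryption mode.
function lint(text) {
  const conf = parseConf(text);
  const out = [];
  for (const [mode, prefix] of Object.entries(FAMILIES)) {
    const get = (s) => conf[prefix + s];
    if (!Object.keys(conf).some((k) => k.startsWith(prefix))) {
      out.push(`${mode}: no ${prefix}* keys set`);
      continue;
    }
    for (const s of EXPECTED) if (get(s) === undefined) out.push(`${mode}: ${prefix}${s} missing`);
    if (get('auth') === 'token' && !get('token_file')) out.push(`${mode}: token auth without ${prefix}token_file`);
    if (/^http:\/\//i.test(get('addr') || '')) out.push(`${mode}: Vault address is plain HTTP, token sent unencrypted`);
    if (/^(false|0|no)$/i.test(get('verify_ssl') || '')) out.push(`${mode}: TLS certificate verification disabled`);
  }
  return out;
}
console.log(lint(SAMPLE).join('\n'));
```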