Actions
Feature #41672
open[rfe] rgw: further cleanup around rgw_crypt_default_encryption_key
% Done:
0%
Source:
Tags:
Backport:
Reviewed:
Affected Versions:
Pull request ID:
Description
Implement the following improvements
1. move the key text from the conf file to secrets file that can be permitted
2. introduce a key_id concept to the key--there will continue to be only one master key, but add a "kvno"-like
concept to version that key, includes
2.1 parsing of key id
2.2 storing of key_id in object attrs
2.3 return of key_id from HEAD requests
2.4 extension to SSE-C logic to permit explicit decryption of objects (previously uploaded by SSE-S3/KMS) using a supplied master key (SSL-only, as normal), allowing sites to perform their own recovery and re-encryption after rotating their master key
Actions