Project

General

Profile

Actions
Copy link

Feature #41672

open

[rfe] rgw: further cleanup around rgw_crypt_default_encryption_key

Added by Matt Benjamin over 4 years ago. Updated over 4 years ago.

Status:
New
Priority:
Normal
Assignee:
Matt Benjamin
Target version:
-
% Done:

0%

Source:
Tags:
Backport:
Reviewed:
Affected Versions:
Pull request ID:

Description

Implement the following improvements

1. move the key text from the conf file to secrets file that can be permitted
2. introduce a key_id concept to the key--there will continue to be only one master key, but add a "kvno"-like
concept to version that key, includes
2.1 parsing of key id
2.2 storing of key_id in object attrs
2.3 return of key_id from HEAD requests
2.4 extension to SSE-C logic to permit explicit decryption of objects (previously uploaded by SSE-S3/KMS) using a supplied master key (SSL-only, as normal), allowing sites to perform their own recovery and re-encryption after rotating their master key

Actions
Copy link
 #1

Updated by Matt Benjamin over 4 years ago

  • Assignee set to Matt Benjamin
Actions
Copy link
 #2

Updated by Casey Bodley over 4 years ago

  • Tracker changed from Bug to Feature
Actions
Copy link

Also available in: Atom PDF