Hey ceph-users,

Loosely related to my question about client-side encryption in the Cloud Sync module (https://lists.ceph.io/hyperkitty/list/ceph-users@ceph.io/thread/I366AIAGWGXG3YQZXP6GDQT4ZX2Y6BXM/), I am wondering if there are other options to ensure data is encrypted at rest and also only replicated as encrypted data ...


My thoughts / findings so far:

AWS S3 supports setting a bucket encryption policy (https://docs.aws.amazon.com/AmazonS3/latest/userguide/default-bucket-encryption.html) to "ApplyServerSideEncryptionByDefault" - so SSE is automatically applied to all objects without the clients having to explicitly request this per object.

Ceph RGW has received support for such a policy via the bucket encryption API with https://github.com/ceph/ceph/commit/95acefb2f5e5b1a930b263bbc7d18857d476653c.

I am now just wondering if there is any way to not only allow bucket creators to apply such a policy themselves, but to apply this as a global default in RGW, forcing all buckets to have SSE enabled - transparently.

If there is no way to achieve this just yet, what are your thoughts about adding such an option to RGW?


Regards


Christian
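
Where no global default is in place, an operator can audit which buckets carry an "ApplyServerSideEncryptionByDefault" rule. The sketch below is an added example, not part of the original post or of Ceph's code. It assumes each bucket's configuration was already fetched as a dict in the shape of the S3 GetBucketEncryption response, with None standing for a bucket that has none; the bucket names, the sample data and the accepted-algorithm set are constructed assumptions.

```python
# Added example: audit per-bucket default-encryption rules offline.
# Assumption: algorithms an operator would accept as a bucket default.
ACCEPTED_ALGORITHMS = {"AES256", "aws:kms"}


def default_sse_algorithm(response):
    """Return the SSEAlgorithm of the first ApplyServerSideEncryptionByDefault
    rule in a GetBucketEncryption-style dict, or None if there is no such rule."""
    if not response:
        return None
    config = response.get("ServerSideEncryptionConfiguration") or {}
    for rule in config.get("Rules") or []:
        default = rule.get("ApplyServerSideEncryptionByDefault") or {}
        if default.get("SSEAlgorithm"):
            return default["SSEAlgorithm"]
    return None


def audit(buckets):
    """Map each bucket name to OK:<algo>, UNEXPECTED:<algo> or MISSING."""
    findings = {}
    for name, response in sorted(buckets.items()):
        algo = default_sse_algorithm(response)
        if algo is None:
            findings[name] = "MISSING"
        elif algo in ACCEPTED_ALGORITHMS:
            findings[name] = "OK:" + algo
        else:
            findings[name] = "UNEXPECTED:" + algo
    return findings


def _cfg(rules):
    # Helper to build a constructed GetBucketEncryption-style response.
    return {"ServerSideEncryptionConfiguration": {"Rules": rules}}


# Constructed sample data (hypothetical bucket names, not from a real cluster).
SAMPLE = {
    "backups": _cfg([{"ApplyServerSideEncryptionByDefault": {"SSEAlgorithm": "AES256"}}]),
    "logs": _cfg([{"ApplyServerSideEncryptionByDefault": {"SSEAlgorithm": "aws:kms"}}]),
    "scratch": None,                      # no encryption configuration at all
    "legacy": _cfg([{"BucketKeyEnabled": True}]),  # rule without a default
    "odd": _cfg([{"ApplyServerSideEncryptionByDefault": {"SSEAlgorithm": "none"}}]),
}

if __name__ == "__main__":
    for bucket, finding in audit(SAMPLE).items():
        print(f"{bucket:10s} {finding}")
```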