Dear Casey, Dear Ceph Users

The following is written in the radosgw documentation 
(http://docs.ceph.com/docs/luminous/radosgw/encryption/):

  rgw crypt default encryption key = 4YSmvJtBv0aZ7geVgAsdpRnLBEwWSWlMIGnRS8a9TSA=


  Important: This mode is for diagnostic purposes only! The ceph configuration file is not a secure method for storing encryption keys.

  Keys that are accidentally exposed in this way should be considered compromised.




Is the warning only about the key exposure risk, or does it also mean that the 
feature could be removed in the future?

There is also another similar parameter "rgw crypt s3 kms encryption keys" (cf. 
usage example in 
http://lists.ceph.com/pipermail/ceph-users-ceph.com/2018-October/030679.html).


Both parameters are still interesting (provided the ceph.conf is encrypted) but 
we want to be sure that they will not be dropped in future.




Best Regards

Francois


_______________________________________________
ceph-users mailing list
ceph-users@lists.ceph.com
http://lists.ceph.com/listinfo.cgi/ceph-users-ceph.com
