This is an automated email from the ASF dual-hosted git repository. btellier pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/james-project.git
commit 925b0d5fee9cc621a5257b303b289d82f6358533 Author: Benoit Tellier <[email protected]> AuthorDate: Fri Mar 26 15:16:39 2021 +0700 JAMES-3524 Configuration should help setting up AES encryption --- .../destination/conf/blob.properties | 14 +++++++++++++- .../cassandra-rabbitmq/destination/conf/blob.properties | 14 +++++++++++++- 2 files changed, 26 insertions(+), 2 deletions(-) diff --git a/dockerfiles/run/guice/cassandra-rabbitmq-ldap/destination/conf/blob.properties b/dockerfiles/run/guice/cassandra-rabbitmq-ldap/destination/conf/blob.properties index c70b3c7..2e06135 100644 --- a/dockerfiles/run/guice/cassandra-rabbitmq-ldap/destination/conf/blob.properties +++ b/dockerfiles/run/guice/cassandra-rabbitmq-ldap/destination/conf/blob.properties @@ -5,13 +5,25 @@ # Mandatory, allowed values are: cassandra, s3 implementation=s3 -# ========================================= ObjectStorage deduplication ======================================== +# ========================================= Deduplication ======================================== # If you choose to enable deduplication, the mails with the same content will be stored only once. # Warning: Once this feature is enabled, there is no turning back as turning it off will lead to the deletion of all # the mails sharing the same content once one is deleted. # Mandatory, Allowed values are: true, false deduplication.enable=false +# ========================================= Encryption ======================================== +# If you choose to enable encryption, the blob content will be encrypted before storing them in the BlobStore. +# Warning: Once this feature is enabled, there is no turning back as turning it off will lead to all content being +# encrypted. This comes at a performance impact but presents you from leaking data if, for instance the third party +# offering you a S3 service is compromised. +# Optional, Allowed values are: true, false, defaults to false +encryption.aes.enable=false + +# Mandatory (if AES encryption is enabled) salt and password. Salt needs to be an hexadecimal encoded string +#encryption.aes.password=xxx +#encryption.aes.salt=73616c7479 + # ========================================= Cassandra BlobStore Cache ====================================== # A cassandra cache can be enabled to reduce latency when reading small blobs frequently # A dedicated keyspace with a replication factor of one is then used diff --git a/dockerfiles/run/guice/cassandra-rabbitmq/destination/conf/blob.properties b/dockerfiles/run/guice/cassandra-rabbitmq/destination/conf/blob.properties index 1797038..481ef70 100644 --- a/dockerfiles/run/guice/cassandra-rabbitmq/destination/conf/blob.properties +++ b/dockerfiles/run/guice/cassandra-rabbitmq/destination/conf/blob.properties @@ -5,13 +5,25 @@ # Mandatory, allowed values are: cassandra, s3 implementation=s3 -# ========================================= ObjectStorage deduplication ======================================== +# ========================================= Deduplication ======================================== # If you choose to enable deduplication, the mails with the same content will be stored only once. # Warning: Once this feature is enabled, there is no turning back as turning it off will lead to the deletion of all # the mails sharing the same content once one is deleted. # Mandatory, Allowed values are: true, false deduplication.enable=false +# ========================================= Encryption ======================================== +# If you choose to enable encryption, the blob content will be encrypted before storing them in the BlobStore. +# Warning: Once this feature is enabled, there is no turning back as turning it off will lead to all content being +# encrypted. This comes at a performance impact but presents you from leaking data if, for instance the third party +# offering you a S3 service is compromised. +# Optional, Allowed values are: true, false, defaults to false +encryption.aes.enable=false + +# Mandatory (if AES encryption is enabled) salt and password. Salt needs to be an hexadecimal encoded string +#encryption.aes.password=xxx +#encryption.aes.salt=73616c7479 + # ========================================= Cassandra BlobStore Cache ====================================== # A cassandra cache can be enabled to reduce latency when reading small blobs frequently # A dedicated keyspace with a replication factor of one is then used --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
