add SSE-KMS support and use SSE-KMS for auto encryption (#11767)

This commit adds basic SSE-KMS support.
Now, a client can specify the SSE-KMS headers
(algorithm, optional key-id, optional context)
such that the object gets encrypted using the
SSE-KMS method. Further, auto-encryption now
defaults to SSE-KMS.

This commit does not try to do any refactoring
and instead tries to implement SSE-KMS as a minimal
change to the code base. However, refactoring the entire
crypto-related code is planned - but needs a separate
effort.

Signed-off-by: Andreas Auernhammer <aead@mail.de>
Co-authored-by: Klaus Post <klauspost@gmail.com>
Andreas Auernhammer
2021-05-05 20:24:14 +02:00
committed by GitHub
parent 3a0e7347ca
commit 26f1fcab7d
7 changed files with 229 additions and 94 deletions


@@ -28,7 +28,9 @@ import (
"strings"
"sync"
"github.com/minio/minio/cmd/crypto"
"github.com/minio/minio/pkg/hash"
"github.com/minio/minio/pkg/kms"
"github.com/minio/minio/pkg/madmin"
)
@@ -236,9 +238,7 @@ func (config *TierConfigMgr) configReader() (*PutObjReader, *ObjectOptions, erro
// Encrypt json encoded tier configurations
metadata := make(map[string]string)
sseS3 := true
var extKey [32]byte
encBr, oek, err := newEncryptReader(hr, extKey[:], minioMetaBucket, tierConfigPath, metadata, sseS3)
encBr, oek, err := newEncryptReader(hr, crypto.S3KMS, "", nil, minioMetaBucket, tierConfigPath, metadata, kms.Context{})
if err != nil {
return nil, nil, err
}
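Review bot: The new `newEncryptReader` call passes an empty key ID and an empty `kms.Context{}` with no comment on what those mean for the tier configuration, which is the blob that holds remote-tier credentials. Unless `newEncryptReader` itself binds the bucket and object into the KMS context (not visible in this hunk), an empty context leaves the wrapped data key unbound to `minioMetaBucket`/`tierConfigPath`, so a ciphertext could be moved to another path and still unwrap; consider a context naming the path, e.g. `kms.Context{minioMetaBucket: tierConfigPath}`, in whatever shape the object-level SSE-KMS path uses, plus a comment such as `// "" selects the KMS default key; the tier config never uses an SSE-C key`. Tier configs already written with SSE-S3 by the removed code must still decrypt on read; that path is outside this hunk, so it is worth confirming it dispatches on the stored metadata rather than assuming SSE-KMS. configReader's body begins before the hunk.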