kms: add MINIO_KMS_REPLICATE_KEYID option (#20909)

This commit adds the `MINIO_KMS_REPLICATE_KEYID` env. variable.
By default - if not specified or not set to `off` - MinIO will
replicate the KMS key ID of an object.

If `MINIO_KMS_REPLICATE_KEYID=off`, MinIO does not include the
object's KMS Key ID when replicating an object. However, it always
sets the SSE-KMS encryption header. This ensures that the object
gets encrypted using SSE-KMS. The target site chooses the KMS key
ID that gets used based on the site and bucket config.

Signed-off-by: Andreas Auernhammer <github@aead.dev>
Andreas Auernhammer
2025-02-08 00:21:09 +01:00
committed by GitHub
parent b8dde47d4e
commit 703f51164d
3 changed files with 37 additions and 1 deletions

2
go.mod

@@ -2,6 +2,8 @@ module github.com/minio/minio
go 1.23
toolchain go1.23.6
require (
cloud.google.com/go/storage v1.46.0
github.com/Azure/azure-sdk-for-go/sdk/azcore v1.16.0
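
Review bot: the go.mod hunk grows by two lines (`-2,6 +2,8`) around the `go 1.23` and `toolchain go1.23.6` directives, but the commit message only covers `MINIO_KMS_REPLICATE_KEYID` and does not mention any module or toolchain change. The +/- markers are not visible in this view, so it is unclear which two lines are new. If `toolchain go1.23.6` is one of them, please call it out in the commit message or move it to its own commit, so the build-toolchain change can be reviewed and reverted independently of the replication behaviour change.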