add functions to remove confidential information (#6516)

This commit adds two functions for removing confidential information - like SSE-C keys - from HTTP headers / object metadata. This creates a central point grouping all headers/entries which must be filtered / removed. See also https://github.com/minio/minio/pull/6489#discussion_r219797993 of #6489
2025-11-28 13:09:09 -05:00 · 2018-09-24 17:32:51 +02:00
parent 48bfebe442
commit 8cf7b88cc5
4 changed files with 125 additions and 4 deletions
--- a/cmd/crypto/metadata.go
+++ b/cmd/crypto/metadata.go
@@ -32,6 +32,14 @@ func IsMultiPart(metadata map[string]string) bool {
 	return false
 }

+// RemoveSensitiveEntries removes confidential encryption
+// information - e.g. the SSE-C key - from the metadata map.
+// It has the same semantics as RemoveSensitiveHeaders.
+func RemoveSensitiveEntries(metadata map[string]string) { // The functions is tested in TestRemoveSensitiveHeaders for compatibility reasons
+	delete(metadata, SSECKey)
+	delete(metadata, SSECopyKey)
+}
+
 // IsEncrypted returns true if the object metadata indicates
 // that it was uploaded using some form of server-side-encryption.
 //