add auto-encryption feature (#6523)

This commit adds an auto-encryption feature which allows
the Minio operator to ensure that uploaded objects are
always encrypted.

This change adds the `autoEncryption` configuration option
as part of the KMS configuration and the environment variable
`MINIO_SSE_AUTO_ENCRYPTION:{on,off}`.

It also updates the KMS documentation according to the
changes.

Fixes #6502
Andreas Auernhammer
2018-12-14 22:35:48 +01:00
committed by kannappanr
parent bebaff269c
commit d264d2c899
10 changed files with 132 additions and 17 deletions


@@ -18,6 +18,7 @@ package cmd
import (
"context"
"errors"
"fmt"
"net/http"
"os"
@@ -383,6 +384,9 @@ func serverMain(ctx *cli.Context) {
if err = globalNotificationSys.Init(newObject); err != nil {
logger.LogIf(context.Background(), err)
}
if globalAutoEncryption && !newObject.IsEncryptionSupported() {
logger.Fatal(errors.New("Invalid KMS configuration"), "auto-encryption is enabled but server does not support encryption")
}
globalObjLayerMutex.Lock()
globalObjectAPI = newObject
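Review bot: The new guard in serverMain is a fail-closed startup check, but nothing in the code says so, and the error text "Invalid KMS configuration" does not match what is tested: the condition only asks the object layer whether it supports encryption. I would add a comment above the `if`, for example `// Fail closed: refuse to start when auto-encryption is requested but the object layer cannot encrypt.`, and lower-case the error string to `errors.New("invalid KMS configuration")` per Go convention. The check also runs after `globalNotificationSys.Init(newObject)`; placing it right after the object layer is created would avoid initialising subsystems on a server that is about to exit, though that creation site lies outside this hunk. Whether a usable KMS is verified when `globalAutoEncryption` is set is not visible here and is presumably handled where the configuration and environment variable are parsed; that is worth confirming, since this guard alone does not establish it.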