MyFavMirrors/minio
1
0
Fork 0
mirror of https://github.com/minio/minio.git synced 2025-11-10 22:10:12 -05:00
Code Issues Packages Projects Releases Wiki Activity

docs: add QuickStart section to KMS encryption of IAM data (#12190)

Browse Source 
This commit enhances the docs about IAM encryption.
It adds a quick-start section that explains how to
get started quickly with `MINIO_KMS_SECRET_KEY`
instead of setting up KES.

It also removes the startup message that gets printed
when the server migrates IAM data to plaintext.
We will point this out in the release notes.

Signed-off-by: Andreas Auernhammer <aead@mail.de>
This commit is contained in:
Andreas Auernhammer
2021-04-29 23:20:28 +02:00
committed by GitHub
parent c5a80ca5d5
commit e5ec1325fc
2 changed files with 59 additions and 20 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
cmd/config-encrypted.go
View File

@@ -94,8 +94,6 @@ func migrateIAMConfigsEtcdToEncrypted(ctx context.Context, client *etcd.Client)
return err
}
logger.Info("Attempting to re-encrypt config, IAM users and policies on MinIO with %q (%s)", stat.DefaultKey, stat.Name)
} else {
logger.Info("Attempting to migrate encrypted config, IAM users and policies on MinIO to a plaintext format. To encrypt all MinIO config data a KMS is needed")
}
}
@@ -139,9 +137,7 @@ func migrateIAMConfigsEtcdToEncrypted(ctx context.Context, client *etcd.Client)
if encrypted {
if GlobalKMS != nil {
logger.Info("Migration of encrypted config data completed. All config data is now encrypted with the KMS")
} else {
logger.Info("Migration of encrypted config data completed. All config data is now stored in plaintext")
logger.Info("Migration of encrypted config data completed. All config data is now encrypted.")
}
}
return deleteKeyEtcd(ctx, client, backendEncryptedFile)
@@ -158,8 +154,6 @@ func migrateConfigPrefixToEncrypted(objAPI ObjectLayer, encrypted bool) error {
return err
}
logger.Info("Attempting to re-encrypt config, IAM users and policies on MinIO with %q (%s)", stat.DefaultKey, stat.Name)
} else {
logger.Info("Attempting to migrate encrypted config, IAM users and policies on MinIO to a plaintext format. To encrypt all MinIO config data a KMS is needed")
}
}
@@ -201,9 +195,7 @@ func migrateConfigPrefixToEncrypted(objAPI ObjectLayer, encrypted bool) error {
}
if encrypted {
if GlobalKMS != nil {
logger.Info("Migration of encrypted config data completed. All config data is now encrypted with the KMS")
} else {
logger.Info("Migration of encrypted config data completed. All config data is now stored in plaintext")
logger.Info("Migration of encrypted config data completed. All config data is now encrypted.")
}
}
return deleteConfig(GlobalContext, globalObjectAPI, backendEncryptedFile)