MyFavMirrors
/
minio
mirror of https://github.com/minio/minio.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
8,218 Commits 5 Branches 503 Tags 186 MiB
Commit Graph

8 Commits

Author SHA1 Message Date
Andreas Auernhammer b989e5a514
kms: KES client should return non-nil error when GenerateKey fails (#12290) 
This commit fixes a bug in the KMS KES client integration.
The client should return a non-nil error when the key generation
fails.

Signed-off-by: Andreas Auernhammer <aead@mail.de>
 2021-05-13 09:11:10 -07:00
Andreas Auernhammer d8eb7d3e15
kms: replace KES client implementation with minio/kes (#12207) 
This commit replaces the custom KES client implementation
with the KES SDK from https://github.com/minio/kes

The SDK supports multi-server client load-balancing and
requests retry out of the box. Therefore, this change reduces
the overall complexity within the MinIO server and there
is no need to maintain two separate client implementations.

Signed-off-by: Andreas Auernhammer <aead@mail.de>
 2021-05-10 18:15:11 -07:00
Harshavardhana 2966823818
use jsoniter for json marshal/unmarshal in KMS (#12146) 
Signed-off-by: Harshavardhana <harsha@minio.io>
 2021-04-26 16:01:52 -07:00
Andreas Auernhammer f7feff8665
avoid parsing MINIO_KMS_MASTER_KEY as base64 (#12149) 
This commit reverts a change that added support for
parsing base64-encoded keys set via `MINIO_KMS_MASTER_KEY`.

The env. variable `MINIO_KMS_MASTER_KEY` is deprecated and
should ONLY support parsing existing keys - not the new format.

Any new deployment should use `MINIO_KMS_SECRET_KEY`. The legacy
env. variable `MINIO_KMS_MASTER_KEY` will be removed at some point
in time.

Signed-off-by: Andreas Auernhammer <aead@mail.de>
 2021-04-25 11:04:31 -07:00
Harshavardhana f420996dfa
fix: allow parsing keys in both new and old format (#12144) 
Bonus fix fallback to decrypt previously
encrypted content as well using older master
key ciphertext format.

Signed-off-by: Harshavardhana <harsha@minio.io>
 2021-04-24 19:05:25 -07:00
Harshavardhana 069432566f update license change for MinIO 
Signed-off-by: Harshavardhana <harsha@minio.io>
 2021-04-23 11:58:53 -07:00
Andreas Auernhammer 3455f786fa kms: encrypt IAM/config data with the KMS (#12041) 
This commit changes the config/IAM encryption
process. Instead of encrypting config data
(users, policies etc.) with the root credentials
MinIO now encrypts this data with a KMS - if configured.

Therefore, this PR moves the MinIO-KMS configuration (via
env. variables) to a "top-level" configuration.
The KMS configuration cannot be stored in the config file
since it is used to decrypt the config file in the first
place.

As a consequence, this commit also removes support for
Hashicorp Vault - which has been deprecated anyway.

Signed-off-by: Andreas Auernhammer <aead@mail.de>
 2021-04-22 09:51:09 -07:00
Andreas Auernhammer 885c170a64
introduce new package pkg/kms (#12019) 
This commit introduces a new package `pkg/kms`.
It contains basic types and functions to interact
with various KMS implementations.

This commit also moves KMS-related code from `cmd/crypto`
to `pkg/kms`. Now, it is possible to implement a KMS-based
config data encryption in the `pkg/config` package.
 2021-04-15 08:47:33 -07:00