minio/internal/kms
Andreas Auernhammer 4d2fc530d0
add support for SSE-S3 bulk ETag decryption (#14627)
This commit adds support for bulk ETag
decryption for SSE-S3 encrypted objects.

If KES supports a bulk decryption API, then
MinIO will check whether its policy grants
access to this API. If so, MinIO will use
a bulk API call instead of sending encrypted
ETags serially to KES.

Note that MinIO will not use the KES bulk API
if its client certificate is an admin identity.

MinIO will process object listings in batches.
A batch has a configurable size that can be set
via `MINIO_KMS_KES_BULK_API_BATCH_SIZE=N`.
It defaults to `500`.

This env. variable is experimental and may be
renamed / removed in the future.

Signed-off-by: Andreas Auernhammer <hi@aead.dev>
2022-03-25 15:01:41 -07:00
..
context.go run gofumpt cleanup across code-base (#14015) 2022-01-02 09:15:06 -08:00
dek_test.go rename all remaining packages to internal/ (#12418) 2021-06-01 14:59:40 -07:00
kes.go add support for SSE-S3 bulk ETag decryption (#14627) 2022-03-25 15:01:41 -07:00
kms.go add support for SSE-S3 bulk ETag decryption (#14627) 2022-03-25 15:01:41 -07:00
single-key_test.go rename all remaining packages to internal/ (#12418) 2021-06-01 14:59:40 -07:00
single-key.go add support for SSE-S3 bulk ETag decryption (#14627) 2022-03-25 15:01:41 -07:00