minio/pkg
Andreas Auernhammer 3455f786fa kms: encrypt IAM/config data with the KMS (#12041)
This commit changes the config/IAM encryption
process. Instead of encrypting config data
(users, policies etc.) with the root credentials
MinIO now encrypts this data with a KMS - if configured.

Therefore, this PR moves the MinIO-KMS configuration (via
env. variables) to a "top-level" configuration.
The KMS configuration cannot be stored in the config file
since it is used to decrypt the config file in the first
place.

As a consequence, this commit also removes support for
Hashicorp Vault - which has been deprecated anyway.

Signed-off-by: Andreas Auernhammer <aead@mail.de>
2021-04-22 09:51:09 -07:00
..
argon2 fix: refactor locks to apply them uniquely per node (#11052) 2020-12-10 07:28:37 -08:00
auth ldap: Create services accounts for LDAP and STS temp accounts (#11808) 2021-04-14 22:51:14 -07:00
bandwidth Add basic bandwidth monitoring for replication. (#10501) 2020-10-09 20:36:00 -07:00
bpool Replace Minio refs in docs with MinIO and links (#7494) 2019-04-09 11:39:42 -07:00
bucket Avoid metadata update for incoming replication failure (#12054) 2021-04-15 16:32:00 -07:00
certs feat: treat /var/run/secrets/ on k8s as system cert directory (#11123) 2020-12-16 18:24:12 -08:00
cgroup Replace Minio refs in docs with MinIO and links (#7494) 2019-04-09 11:39:42 -07:00
color Bring in safe mode support (#8478) 2019-11-09 09:27:23 -08:00
console add _MINIO_SERVER_DEBUG env for enabling debug messages (#11128) 2020-12-17 16:52:47 -08:00
csvparser sql, csv: Cache some values between Read() calls to gain performance (#9645) 2020-05-22 10:15:08 -07:00
disk fix: mips 32bit compilation issue (#11775) 2021-03-15 06:02:09 -07:00
dsync dsync: use refresh timer properly to avoid leaks (#11820) 2021-03-17 16:37:13 -07:00
ellipses Replace Minio refs in docs with MinIO and links (#7494) 2019-04-09 11:39:42 -07:00
env azure: Use default upload parameters to avoid consuming too much memory (#11251) 2021-01-11 22:48:09 -08:00
etag etag: add FromContentMD5 to parse content-md5 as ETag (#11688) 2021-03-03 12:58:28 -08:00
event use crypto/sha256 for FIPS 140-2 compliance (#11623) 2021-02-24 09:00:15 -08:00
fips kms: encrypt IAM/config data with the KMS (#12041) 2021-04-22 09:51:09 -07:00
handlers List v1/versions routes based on source IP if found (#10603) 2020-09-30 13:38:27 -07:00
hash use crypto/sha256 for FIPS 140-2 compliance (#11623) 2021-02-24 09:00:15 -08:00
iam/policy fix: add helper for expected path.Clean behavior (#12068) 2021-04-15 16:32:13 -07:00
ioutil fix: handle weird drives sporadic read O_DIRECT behavior (#11832) 2021-03-18 20:16:50 -07:00
kms kms: encrypt IAM/config data with the KMS (#12041) 2021-04-22 09:51:09 -07:00
licverifier update license verifier to use updated keys (#11197) 2021-01-06 10:17:05 -08:00
lock fix: Allow Walk to honor load balanced drives (#10610) 2020-10-01 20:24:34 -07:00
lsync api: Introduce metadata update APIs to update only metadata (#11962) 2021-04-04 13:32:31 -07:00
madmin kms: encrypt IAM/config data with the KMS (#12041) 2021-04-22 09:51:09 -07:00
mimedb Replace Minio refs in docs with MinIO and links (#7494) 2019-04-09 11:39:42 -07:00
mountinfo ignore more tokens in some mountinfo entries (#12104) 2021-04-21 08:40:49 -07:00
net fix: allow S3 gateway passthrough for SSE-S3 header (#12020) 2021-04-08 16:40:38 -07:00
pubsub tracing: NumSubscribers() to use atomic instead of mutex (#11219) 2021-01-04 09:40:30 -08:00
quick fix: etcd import paths again depend on v3.4.14 release (#11020) 2020-12-03 11:35:18 -08:00
rpc Upgrade compress and pgzip package (#10992) 2020-11-27 10:10:15 -08:00
s3select fix: remove auto-close GetObjectReader (#12009) 2021-04-07 13:29:27 -07:00
safe Replace Minio refs in docs with MinIO and links (#7494) 2019-04-09 11:39:42 -07:00
smart fix: incorrect errors thrown by lint (#11699) 2021-03-04 14:27:38 -08:00
sync/errgroup fix: align atomic variables for 32bit arch (#11475) 2021-02-08 08:51:12 -08:00
sys fix: mips 32bit compilation issue (#11775) 2021-03-15 06:02:09 -07:00
trace tracing: Support older admin tracing API (#11999) 2021-04-07 08:16:10 -07:00
trie fix: [fs] CompleteMultipart use trie structure for partMatch (#10522) 2020-09-21 01:18:13 -07:00
wildcard Simplify cast of string to rune slice in wildcard matching (#9577) 2020-05-14 08:20:13 -07:00
words Replace Minio refs in docs with MinIO and links (#7494) 2019-04-09 11:39:42 -07:00