mirror of https://github.com/minio/minio.git
8b660e18f2
This commit adds support for MinKMS. Now, there are three KMS implementations in `internal/kms`: Builtin, MinIO KES and MinIO KMS. Adding another KMS integration required some cleanup. In particular: - Various KMS APIs that haven't been and are not used have been removed. A lot of the code was broken anyway. - Metrics are now monitored by the `kms.KMS` itself. For basic metrics this is simpler than collecting metrics for external servers. In particular, each KES server returns its own metrics and no cluster-level view. - The builtin KMS now uses the same en/decryption implemented by MinKMS and KES. It still supports decryption of the previous ciphertext format. It's backwards compatible. - Data encryption keys now include a master key version since MinKMS supports multiple versions (~4 billion in total and 10000 concurrent) per key name. Signed-off-by: Andreas Auernhammer <github@aead.dev> |
||
|---|---|---|
| .. | ||
| config.go | ||
| config_test.go | ||
| conn.go | ||
| context.go | ||
| dek_test.go | ||
| errors.go | ||
| kes.go | ||
| kms.go | ||
| secret-key.go | ||
| secret-key_test.go | ||