Open padde opened 9 years ago
That is a good suggestion. I currently have no plans, but any volunteer is welcome :)
In case anyone else came to this issue looking for a solution, I use something like this: https://www.whaletech.co/2016/04/07/encryption-ephemeral-volumes-with-kms.html
With the yas3fs cache and mount point inside the encrypted partition. This way, if the device is stolen, I can revoke the key remotely, making it (hopefully) impossible to decrypt the partition and gain access to the cache files or AWS credentials I use for mounting.
I'd just use normal LUKS authentication to mount the partition, but the aforementioned device needs to live in a remote co-worker's office and boot/mount this bucket without their interaction.
Would be really nice to have that as well as an additional security layer for the paranoid. Any plans in this direction?