eberlep
commented
2 years ago Server side encryption is already implemented via the backup config / WALG_S3_SSE.
Cloning/restoring should set WALG_S3_SSE as well, which is currently not the case(?). When restoring an old backup which was created before we enabled SSE, it should be possible to disable the server side encryption (which would otherwise try to decrypt a non-encrypted wal-g backup?).
When creating a backup-config, it should automatically be created with a random SSE key.
One option to consider: Setting the
wal-genvironment variables in the spilo image (via thepod_environment_configmap)https://github.com/zalando/spilo/blob/master/ENVIRONMENT.rst#wal-g
That would make use of all the features already implemented by
wal-gAnother option: encrypt the S3 bucket used for the backups (
WALG_S3_SSE?).Always required: bring your own key.