gaul / s3proxy

Access other storage backends via the S3 API
Apache License 2.0

Add middleware to encrypt object data before sending to storage backend #126

Open gaul opened 8 years ago

gaul commented 8 years ago

This would enable data privacy on backends without encryption, e.g., Rackspace Cloud Files, as well as improve privacy on backends with it, e.g., Amazon S3, due to handling the private key in S3Proxy.

shenghu commented 7 years ago

@andrewgaul does s3proxy support encryption on object storage?

gaul commented 7 years ago

@shenghu S3Proxy does not support object server-side encryption due to a lack of support in the underlying jclouds, tracked by JCLOUDS-1253. This issue tracks something different, object client-side encryption. This difference lies in who does key management; in the former, the object store manages keys, in the latter, S3Proxy manages keys. Ideally S3Proxy would support both.

gaul commented 7 years ago

S3Proxy could include EncryptedBlobStore from Bounce:

https://github.com/bouncestorage/bouncestorage/blob/master/bounce/src/main/java/com/bouncestorage/bounce/EncryptedBlobStore.java
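As an added illustration (not part of the thread, and not code from S3Proxy, jclouds or Bounce), here is a sketch of the client-side model discussed above: the proxy holds the key and the backend only ever receives ciphertext. The `Backend` interface, the class names and the in-memory store are hypothetical, and AES-GCM with the object name as associated data is an assumed design choice.

```java
import java.nio.ByteBuffer;
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.util.*;
import javax.crypto.*;
import javax.crypto.spec.GCMParameterSpec;
public class ClientSideEncryptionSketch {
    // Hypothetical minimal backend interface; NOT the jclouds BlobStore API.
    interface Backend { void put(String name, byte[] data); byte[] get(String name); }
    // Middleware: the proxy holds the key; the backend stores nonce || ciphertext || tag.
    static final class EncryptingBackend implements Backend {
        private static final int NONCE_LEN = 12, TAG_BITS = 128;
        private final Backend delegate;
        private final SecretKey key;
        private final SecureRandom rng = new SecureRandom();
        EncryptingBackend(Backend delegate, SecretKey key) { this.delegate = delegate; this.key = key; }
        private Cipher cipher(int mode, String name, byte[] nonceSrc) throws GeneralSecurityException {
            Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
            c.init(mode, key, new GCMParameterSpec(TAG_BITS, nonceSrc, 0, NONCE_LEN));
            c.updateAAD(name.getBytes(StandardCharsets.UTF_8)); // bind ciphertext to its object name
            return c;
        }
        public void put(String name, byte[] plaintext) {
            try {
                byte[] nonce = new byte[NONCE_LEN];
                rng.nextBytes(nonce); // fresh random nonce for every write
                byte[] ct = cipher(Cipher.ENCRYPT_MODE, name, nonce).doFinal(plaintext);
                delegate.put(name, ByteBuffer.allocate(NONCE_LEN + ct.length).put(nonce).put(ct).array());
            } catch (GeneralSecurityException e) { throw new IllegalStateException(e); }
        }
        public byte[] get(String name) {
            try {
                byte[] stored = delegate.get(name);
                // Throws if the stored bytes were modified or moved under another object name.
                return cipher(Cipher.DECRYPT_MODE, name, stored).doFinal(stored, NONCE_LEN, stored.length - NONCE_LEN);
            } catch (GeneralSecurityException e) { throw new IllegalStateException("decryption failed", e); }
        }
    }
    public static void main(String[] args) throws Exception {
        Map<String, byte[]> raw = new HashMap<>(); // constructed in-memory stand-in for a backend
        Backend memory = new Backend() {
            public void put(String n, byte[] d) { raw.put(n, d); }
            public byte[] get(String n) { return raw.get(n); }
        };
        KeyGenerator kg = KeyGenerator.getInstance("AES");
        kg.init(256); // throwaway key for the demo; real key management is out of scope
        Backend store = new EncryptingBackend(memory, kg.generateKey());
        store.put("report.txt", "constructed sample data".getBytes(StandardCharsets.UTF_8));
        System.out.println(raw.get("report.txt").length + " stored bytes -> "
                + new String(store.get("report.txt"), StandardCharsets.UTF_8));
    }
}
```

In this sketch each stored object is 28 bytes longer than its plaintext (12-byte nonce plus 16-byte tag), so any size or content hash the backend computes describes the ciphertext rather than the client's data. It also buffers whole objects in memory, which a streaming proxy would need to avoid.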