Open Arsnael opened 5 days ago
Question: I think the salt here is simply the domain right? (for having something multitenancy like) Likely we don't need encryption.s3.sse.c.master.key.salt param then?
From what I understand, the salt configuration is related to key derivation, and likely can be added in the other derivation tickets. Let's start simple without salt (use the same encryption key) first?
Basic implem generate key at startup and uses the same one everywhere.
As today AESBlobStoreDAO
Let's do better in a later ticket...
Allow to use https://help.ovhcloud.com/csm/en-public-cloud-storage-s3-encrypt-objects-sse-c?id=kb_article_view&sysparm_article=KB0047314 (client provided keys)
(Meaning we can either do AES james side OR do SSE-C OR do nothing)
Configuration blob.properties:
Within blob-s3 maven project, reuse dependency blob-aes and use PBKDF2StreamingAeadFactory to derive the new key.
Integration with the S3 driver is straight forward:
DoD:
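An added example, not code from this issue or from the James project: it derives a 256-bit key with the JDK's own PBKDF2 (not the blob-aes PBKDF2StreamingAeadFactory named above) and builds the three request headers that SSE-C requires. The PRF, iteration count, password and salt values are assumptions constructed for illustration.

```java
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Base64;
import java.util.LinkedHashMap;
import java.util.Map;

public class SseCustomerKeyExample {
    // Assumed parameters, not taken from the issue or from blob-aes.
    static final String PRF = "PBKDF2WithHmacSHA512";
    static final int ITERATIONS = 65536;
    static final int KEY_BITS = 256; // SSE-C only accepts a 256-bit AES key

    // Derive the customer key from the configured master password and salt.
    static byte[] deriveKey(char[] masterPassword, byte[] salt) throws Exception {
        PBEKeySpec spec = new PBEKeySpec(masterPassword, salt, ITERATIONS, KEY_BITS);
        try {
            return SecretKeyFactory.getInstance(PRF).generateSecret(spec).getEncoded();
        } finally {
            spec.clearPassword(); // do not leave the password in the spec
        }
    }

    // The three headers S3 expects on every PUT, GET and HEAD of an SSE-C object.
    static Map<String, String> sseCHeaders(byte[] key) throws Exception {
        if (key.length != KEY_BITS / 8) {
            throw new IllegalArgumentException("SSE-C key must be 32 bytes");
        }
        Base64.Encoder b64 = Base64.getEncoder();
        // The MD5 lets the server detect a corrupted key; it is not a secret.
        byte[] md5 = MessageDigest.getInstance("MD5").digest(key);
        Map<String, String> headers = new LinkedHashMap<>();
        headers.put("x-amz-server-side-encryption-customer-algorithm", "AES256");
        headers.put("x-amz-server-side-encryption-customer-key", b64.encodeToString(key));
        headers.put("x-amz-server-side-encryption-customer-key-MD5", b64.encodeToString(md5));
        return headers;
    }

    public static void main(String[] args) throws Exception {
        char[] password = "constructed-master-password".toCharArray(); // constructed sample
        byte[] salt = "constructed-salt".getBytes(StandardCharsets.UTF_8); // constructed sample
        Map<String, String> headers = sseCHeaders(deriveKey(password, salt));
        // Print header names only: the key header carries the raw key and must never be logged.
        headers.keySet().forEach(System.out::println);
        // Derivation is deterministic, so a restart with the same settings can still read old blobs.
        boolean same = headers.equals(sseCHeaders(deriveKey(password, salt)));
        System.out.println("stable across restarts: " + same);
    }
}
```

Because the storage side does not keep the customer key, changing the password or salt after blobs have been written makes those blobs unreadable.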