search

minio / mc

Simple | Fast tool to manage MinIO clusters :cloud:
https://min.io/download
GNU Affero General Public License v3.0
2.84k stars 546 forks source link

mc client doesnt work when passing SSE-C key #5061

Closed botcheddevil closed 1 hour ago

botcheddevil commented 3 hours ago

Expected behavior

.\mc.exe cp --enc-c "public/encrypted-file.txt=EACjrC0Hu8dZ0hAjZyA6TEFhC1QackD5Wk5K/ruZs3E=" D:\files\encrypted-file.txt myminio/public/encrypted-file.txt

Should upload and encrypted file.

Actual behavior

I get the following error:

mc.exe: SSE Error. SSE key is missing.

Steps to reproduce the behavior

  1. Setup minio in minikube k8s using values file

values-minio.yaml

mode: standalone
rootUser: "minio"
rootPassword: "minio123"
resources:
  requests:
    memory: 512Mi
persistence:
  enabled: true
  storageClass: "minio-retain-sc"
  accessMode: ReadWriteOnce
  size: 100Gi
existingClaim: ""
console:
  enabled: true
debug:
  enabled: true
log:
  level: debug
tls:
  enabled: true
  certSecret: minio-tls-cert-secret
  publicCrt: tls.crt
  privateKey: tls.key
.\minikube\minikube.exe start --mount --mount-string="D:\data:/minikube-host"
kubectl create ns minio-system
kubectl create -f .\charts\minio-storage-class.yaml
kubectl create -f .\charts\minio-pv.yaml
kubectl create secret tls minio-tls-cert-secret --cert=public.crt --key=private.key -n minio-system
helm install minio minio/minio --namespace minio-system -f .\charts\values-minio.yaml --debug --timeout 10m

mc --version

mc version RELEASE.2024-10-08T09-37-26Z (commit-id=cf128de2cf42e763e7bd30c6df8b749fa94e0c10)
Runtime: go1.22.8 windows/amd64
Copyright (c) 2015-2024 MinIO, Inc.
License GNU AGPLv3 <https://www.gnu.org/licenses/agpl-3.0.html>

System information

Windows 10 on i9

zveinn commented 2 hours ago

you need to do `--sse-c="key"

botcheddevil commented 2 hours ago

Thank you for your response.

I tried the following variations none of them worked. Could you share the complete command?

.\mc.exe cp --sse-c="EACjrC0Hu8dZ0hAjZyA6TEFhC1QackD5Wk5K/ruZs3E=" D:\files\encrypted-file.txt myminio/public/encrypted-file.txt mc.exe: Invalid command usage, flag provided but not defined: -sse-c

.\mc.exe cp --enc-c "--sse-c=EACjrC0Hu8dZ0hAjZyA6TEFhC1QackD5Wk5K/ruZs3E=" D:\files\encrypted-file.txt myminio/public/encrypted-file.txt mc.exe: SSE Error. SSE key is missing.

.\mc.exe cp --enc-c "sse-c=EACjrC0Hu8dZ0hAjZyA6TEFhC1QackD5Wk5K/ruZs3E=" D:\files\encrypted-file.txt myminio/public/encrypted-file.txt

zveinn commented 1 hour ago

ohh..my bad it's --enc-c "alias/bucket/path=key"

zveinn commented 1 hour ago

.\mc.exe cp --enc-c "public/encrypted-file.txt=EACjrC0Hu8dZ0hAjZyA6TEFhC1QackD5Wk5K/ruZs3E=" D:\files\encrypted-file.txt myminio/public/encrypted-file.txt

should be .\mc.exe cp --enc-c "myminio/public/encrypted-file.txt=EACjrC0Hu8dZ0hAjZyA6TEFhC1QackD5Wk5K/ruZs3E=" D:\files\encrypted-file.txt myminio/public/encrypted-file.txt

klauspost commented 1 hour ago

Did we loosen the "raw" base 64 requirement? If not, key should be EACjrC0Hu8dZ0hAjZyA6TEFhC1QackD5Wk5K/ruZs3E.

botcheddevil commented 1 hour ago

Yes that did work, dropping the trailing '=' thanks @klauspost @zveinn !!!

For posterity ->

.\mc.exe cp --enc-c "myminio/public/encrypted-file.txt=EACjrC0Hu8dZ0hAjZyA6TEFhC1QackD5Wk5K/ruZs3E" D:\files\encrypted-file.txt myminio/public/encrypted-file.txt

zveinn commented 1 hour ago

for future reference, you should also be able to use hex encoded keys.