seaweedfs / seaweedfs-operator

seaweedfs kubernetes operator
Apache License 2.0

Is s3 secret enabled? #70

Open hanqiushi opened 2 years ago

hanqiushi commented 2 years ago

Can I enable accessKey/secretKey for s3 now?

scrayos commented 2 years ago

Yes, you can. But (as far as I know), you have to add it manually by running something like:

s3.configure -access_key=any -secret_key=any -buckets=bucket1 -user=me -actions=Read,Write,List,Tagging,Admin -apply

in the weed shell of one of the master nodes.

Source: https://github.com/seaweedfs/seaweedfs/wiki/Amazon-S3-API#s3-authentication

hanqiushi commented 2 years ago

> Yes, you can. But (as far as I know), you have to add it manually by running something like:
>
> s3.configure -access_key=any -secret_key=any -buckets=bucket1 -user=me -actions=Read,Write,List,Tagging,Admin -apply
>
> in the weed shell of one of the master nodes.
>
> Source: https://github.com/seaweedfs/seaweedfs/wiki/Amazon-S3-API#s3-authentication

Thanks, I've done this in one of the master nodes, but I can still access filer nodes without using accessKey/secretKey. Did I miss something?

scrayos commented 2 years ago

> Thanks, I've done this in one of the master nodes, but I can still access filer nodes without using accessKey/secretKey. Did I miss something?

I am by no means knowledgeable regarding filer, but my guess would be that the accessKey/secretKey is only mandatory for the specific bucket and not the filer as a whole.

If you want to secure your whole filer instance, my guess would be that you would have to configure jwt.filer_signing.key and jwt.filer_signing.read.key in security.toml (Reference).

But as I said, I'm only guessing here. But even if I was right, a new property needs to be added to the Seaweed Custom Resource Definition, so that users would be able to set security.toml options. Input from someone more knowledgeable would be highly appreciated.
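
How the two settings named in the comment above are laid out as tables in security.toml, shown as an added example that is not part of the thread or the operator's own configuration. The key values are placeholders, and `expires_after_seconds` is assumed from the SeaweedFS scaffolded security.toml rather than taken from this page.

```toml
# security.toml (added example; all key values are placeholders)

# Weak: with both keys empty, the filer HTTP API accepts unsigned
# requests, regardless of identities created with s3.configure.
# [jwt.filer_signing]
# key = ""
# [jwt.filer_signing.read]
# key = ""

# Hardened: set a separate random secret for writes and for reads.
# Generate each value independently, e.g. with `openssl rand -base64 32`.

# jwt.filer_signing.key: filer only accepts HTTP writes carrying a
# JWT signed with this key.
[jwt.filer_signing]
key = "<RANDOM_WRITE_KEY_PLACEHOLDER>"
expires_after_seconds = 10   # assumed from the scaffold; token lifetime

# jwt.filer_signing.read.key: filer only accepts HTTP reads carrying a
# JWT signed with this key.
[jwt.filer_signing.read]
key = "<RANDOM_READ_KEY_PLACEHOLDER>"
expires_after_seconds = 10   # assumed from the scaffold; token lifetime
```

The same file has to be readable by every component that signs or validates these tokens, so treat it as a secret (for example, mount it from a Kubernetes Secret rather than a ConfigMap).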