Hi, I am in a project where the requirement is: - All data MUST be encrypted at rest - At least one key per customer - The backend only supports the vault KV as secrect engine, so SSE-s3 is not an option
The idea is, that we create a key for the customer and tell them in the panel that they need to use it and how it will work. But how to I prevent the user from uploading unecrypted objects? Do I check for a header in the proxy and return a <h1>uhuhuh, you didn't say the magic word!</h1> when there specific header is missing? And if this is the way, is there a shema I need to stick to? - Boris -- Die Selbsthilfegruppe "UTF-8-Probleme" trifft sich diesmal abweichend im groüen Saal. _______________________________________________ ceph-users mailing list -- ceph-users@ceph.io To unsubscribe send an email to ceph-users-le...@ceph.io
