Commit Graph

14 Commits

Author SHA1 Message Date
renovate[bot]
fe65a6da76 deps: update Constellation containers 2024-05-16 13:11:53 +02:00
renovate[bot]
5674d9742a
deps: update Constellation containers (#2936)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2024-02-22 09:12:18 +01:00
renovate[bot]
3b2da12781
deps: update Constellation containers (#2919)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2024-02-19 16:14:05 +01:00
miampf
54cce77bab
deps: convert zap to slog (#2825) 2024-02-08 14:20:01 +00:00
Malte Poll
3a5753045e goleak: ignore rules_go SIGTERM handler
rules_go added a SIGTERM handler that has a goroutine that survives the scope of the goleak check.
Currently, the best known workaround is to ignore this goroutine.

https://github.com/uber-go/goleak/issues/119
https://github.com/bazelbuild/rules_go/pull/3749
https://github.com/bazelbuild/rules_go/pull/3827#issuecomment-1894002120
2024-01-22 13:11:58 +01:00
renovate[bot]
110bf9103d
deps: update Constellation containers (#2760)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2023-12-20 18:03:44 +01:00
Otto Bittner
8ebd813480 s3proxy: ship as helm chart 2023-11-06 10:21:11 +01:00
Otto Bittner
a19227cac9 s3proxy: initial e2e tests and workflows 2023-11-06 10:21:11 +01:00
Otto Bittner
1e13da3b71
docs: extend filestash example with more regions (#2445) 2023-10-12 14:34:51 +02:00
Thomas Tendyck
f696cb452b s3proxy: remove unnecessary pull secret 2023-10-11 17:57:16 +02:00
Otto Bittner
4ef2e289b2
s3proxy: add new page to documentation (#2417)
Co-authored-by: Moritz Eckert <m1gh7ym0@gmail.com>
Co-authored-by: Thomas Tendyck <ts@edgeless.systems>
2023-10-10 15:35:23 +02:00
Otto Bittner
c603b547db
s3proxy: add allow-multipart flag (#2420)
This flag allows users to control wether multipart uploads
are blocked or allowed. At the moment s3proxy doesn't
encrypt multipart uploads, so there is a potential for
inadvertent data leakage. With this flag the default
behavior is changed to a more secure default one: block
multipart uploads. The previous behavior can be enabled
by setting allow-multipart.
2023-10-09 15:18:12 +02:00
Otto Bittner
887dcda78b s3proxy: add keyservice integration
Encrypt each object with a random DEK and attach
the encrypted DEK as object metadata.
Encrpt the DEK with a key from the keyservice.
All objects use the same KEK until a keyrotation
takes place.
2023-10-06 11:23:32 +02:00
Otto Bittner
a7ceda37ea s3proxy: add intial implementation
INSECURE!
The proxy intercepts GetObject and PutObject.
A manual deployment guide is included.
The decryption only relies on a hardcoded, static key.
Do not use with sensitive data; testing only.
* Ticket to track ranged GetObject: AB#3466.
2023-10-06 11:23:32 +02:00