Commit Graph

4 Commits

Author SHA1 Message Date
Otto Bittner
4ef2e289b2
s3proxy: add new page to documentation (#2417)
Co-authored-by: Moritz Eckert <m1gh7ym0@gmail.com>
Co-authored-by: Thomas Tendyck <ts@edgeless.systems>
2023-10-10 15:35:23 +02:00
Otto Bittner
c603b547db
s3proxy: add allow-multipart flag (#2420)
This flag allows users to control wether multipart uploads
are blocked or allowed. At the moment s3proxy doesn't
encrypt multipart uploads, so there is a potential for
inadvertent data leakage. With this flag the default
behavior is changed to a more secure default one: block
multipart uploads. The previous behavior can be enabled
by setting allow-multipart.
2023-10-09 15:18:12 +02:00
Otto Bittner
887dcda78b s3proxy: add keyservice integration
Encrypt each object with a random DEK and attach
the encrypted DEK as object metadata.
Encrpt the DEK with a key from the keyservice.
All objects use the same KEK until a keyrotation
takes place.
2023-10-06 11:23:32 +02:00
Otto Bittner
a7ceda37ea s3proxy: add intial implementation
INSECURE!
The proxy intercepts GetObject and PutObject.
A manual deployment guide is included.
The decryption only relies on a hardcoded, static key.
Do not use with sensitive data; testing only.
* Ticket to track ranged GetObject: AB#3466.
2023-10-06 11:23:32 +02:00