Allow Other methods of s3 server-side encryption #18561
Labels
:Distributed/Snapshot/Restore
Anything directly related to the `_snapshot/*` APIs
>enhancement
help wanted
adoptme
Comments
|
I would like to work on this. |
clintongormley
added
:Distributed/Snapshot/Restore
|
S3 bucket defaut encryption was introduced late 2017, https://aws.amazon.com/blogs/aws/new-amazon-s3-encryption-security-features/ If kms default encryption is set in the bucket, we can add additonal policy, besides the S3 permissoin to allow encrypt/decrypt using the key. Can anyone else confirm this? |
|
Closing here as a duplicate of #41196 |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Describe the feature:
Currently, by setting server_side_encryption to true, the only method that is allowed is aes256. It would be great if we could specify other s3 encryption methods, e.g. aws:kms.
For aws:kms, if the bucket has a default key, it's just a matter of including the correct header, so one possibility may be an additional parameter to specify the value of the
x-amz-server-side-encryptionheader to get sent with requests. But the ability to specify an ams key to use would also be great.The text was updated successfully, but these errors were encountered: