s3proxy icon indicating copy to clipboard operation
s3proxy copied to clipboard

Published 20 hours ago verified publisher icon gaul

Add middleware to encrypt object data before sending to storage backend

Open gaul opened this issue 9 years ago • 3 comments

This would enable data privacy on backends without encryption, e.g., Rackspace Cloud Files, as well as improve privacy on backends with it, e.g., Amazon S3, due to handling the private key in S3Proxy.

gaul avatar Feb 24 '16 22:02 gaul

@andrewgaul does s3proxy support encryption on object storage?

shenghu avatar Mar 06 '17 08:03 shenghu

@shenghu S3Proxy does not support object server-side encryption due to a lack of support in the underlying jclouds, tracked by JCLOUDS-1253. This issue tracks something different, object client-side encryption. This difference lies in who does key management; in the former, the object store manages keys, in the latter, S3Proxy manages keys. Ideally S3Proxy would support both.

gaul avatar Mar 06 '17 21:03 gaul

S3Proxy could include EncryptedBlobStore from Bounce:

https://github.com/bouncestorage/bouncestorage/blob/master/bounce/src/main/java/com/bouncestorage/bounce/EncryptedBlobStore.java

gaul avatar Apr 07 '17 17:04 gaul