small-hack/argocd-apps
small-hack/argocd-apps
2
1
Fork 0
Code Issues 14 Pull requests Projects Releases Packages Wiki Activity Actions

turn on default encryption for minio #251

New issue
Open
opened 2023-10-29 12:21:47 +00:00 by jessebot · 4 comments
jessebot commented 2023-10-29 12:21:47 +00:00 (Migrated from github.com)
Copy link

minio has oidc in front of the tenant, but encryption is not enabled by default yet. We should do that before next major release

minio has oidc in front of the tenant, but encryption is not enabled by default yet. We should do that before next major release
cloudymax commented 2023-10-29 20:56:27 +00:00 (Migrated from github.com)
Copy link

We will need to write a function to enable SSE-C encryption on a per-bucket basis to run a few mc commands. Unfortunately we can't add any KMS other than vault or a major cloud 😕

https://min.io/docs/minio/linux/administration/server-side-encryption/server-side-encryption-sse-c.html

We will need to write a function to enable SSE-C encryption on a per-bucket basis to run a few mc commands. Unfortunately we can't add any KMS other than vault or a major cloud 😕 https://min.io/docs/minio/linux/administration/server-side-encryption/server-side-encryption-sse-c.html
😕 1
jessebot commented 2023-10-31 07:31:19 +00:00 (Migrated from github.com)
Copy link

oof, well, that shouldn't be the worst thing in the world. I wish OpenTofu would do something about Vault as well.

oof, well, that shouldn't be the worst thing in the world. I wish OpenTofu would do something about Vault as well.
cloudymax commented 2023-11-25 09:58:34 +00:00 (Migrated from github.com)
Copy link

So for this issue, there's no way we can do what we want to do without using Vault or a non FOSS keyvault. Since weve gotten encryption up and running on Seaweedfs I think we can close this with the acknowledgement that if users want encryption by default, seaweedfs is the way to go.

So for this issue, there's no way we can do what we want to do without using Vault or a non FOSS keyvault. Since weve gotten encryption up and running on Seaweedfs I think we can close this with the acknowledgement that if users want encryption by default, seaweedfs is the way to go.
cloudymax commented 2023-11-25 09:59:31 +00:00 (Migrated from github.com)
Copy link

Keeping open to re-evaluate of SSE-C in the vanilla helm chart

Keeping open to re-evaluate of SSE-C in the vanilla helm chart
👍 1
Sign in to join this conversation.
No Branch/Tag specified
Branches Tags
main
harbor-refresh
cloudymax-patch-1
forgejo-federation
renovate/tempo-distributed-1.x
renovate/postgresql-18.x
renovate/argo-cd-9.x
renovate/kubevirt-vm-0.x
renovate/hashicorp-vault-1.x
renovate/openbao-0.x
renovate/nextcloud-8.x
finish-juicefs
renovate/kubevirt-stack-0.x
temporary-storage-class-fix
swfs-kubevirt
no-smtp-env-vars
new-loki
forgejo-testing
renovate/https-github.com-metallb-metallb.git-0.x
environment-promotion-idea
valkey-nextcloud
renovate/registry-1.docker.io-bitnamicharts-valkey-2.x
simple
renovate/seaweedfs-4.x
grafana-login-enabled
no-smtp-zitadel
try-wrenix-pr-480
add-rss-bot
disable-modsecurity
testing-haproxy
routhinator-may-2-suggestion
bradley
feat/workflows
fix/home-assistant-proxy
feat/ingress-metrics-enabled
argo-multi-source-issue
max-testing
add-nvidia-apps
old-secrets-for-peertube
before-hookshot-removal
nextclouud-s3-as-primary-object-store
before-eso-helm-chart-test-merge
before-nextcloud-cron-removal
maxs-old-bweso
Labels
Clear labels   
WAF

something to do with our WAF

  
blocked

unable to move forward at this time

  
bug

Something isn't working

  
ci/cd

antyhing to do with continous integration/deployment including renovatebot

  
documentation

Improvements or additions to documentation

  
duplicate

This issue or pull request already exists

  
enhancement

New feature or request

  
good first issue

Good for newcomers

  
help wanted

Extra attention is needed

  
ingress

   
invalid

This doesn't seem right

  
monitoring

   
question

Further information is requested

  
security

   
wontfix

This will not be worked on

  
😭 email

anything to do with SMTP or email generally

No labels
WAF
blocked
bug
ci/cd
documentation
duplicate
enhancement
good first issue
help wanted
ingress
invalid
monitoring
question
security
wontfix
😭 email
Milestone
Clear milestone
No items
No milestone
Projects
Clear projects
No items
No project
Assignees
Clear assignees
No assignees
1 participant
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference
small-hack/argocd-apps#251
No description provided.