small-hack/argocd-apps

turn on default encryption for minio

Opened this issue · 4 comments

minio has oidc in front of the tenant, but encryption is not enabled by default yet. We should do that before the next major release.

We will need to write a function to enable SSE-C encryption on a per-bucket basis to run a few mc commands. Unfortunately we can't add any KMS other than vault or a major cloud 😕

https://min.io/docs/minio/linux/administration/server-side-encryption/server-side-encryption-sse-c.html

oof, well, that shouldn't be the worst thing in the world. I wish OpenTofu would do something about Vault as well.

So for this issue, there's no way we can do what we want to do without using Vault or a non-FOSS keyvault. Since we've gotten encryption up and running on Seaweedfs, I think we can close this with the acknowledgement that if users want encryption by default, seaweedfs is the way to go.

Keeping open to re-evaluate SSE-C in the vanilla helm chart