So, I've tried to set the header in HAProxy, when the customer didn't set
it on their own and it seems to work fine.
Currently we don't set it on GET and HEAD request.
# Add sse-s3 header
acl existing-x-amz-server-side-encryption
req.hdr(x-amz-server-side-encryption) -m found
http-request set-header x-amz-server-side-encryption AES256 unless
existing-x-amz-server-side-encryption or METH_GET
Should I add the header only to PUT requests, or are there more requests
types that need this header?
From my understanding sse-s3 only applies to uploading data, but not to
policies, multipart listings and so on.
Cheers
Boris
Am Do., 5. Juni 2025 um 13:18 Uhr schrieb Boris <[email protected]>:
> This is a follow up question to the sse-kms thread, because the KMS team
> is now working on the transit engine and we will POC with openbao.
>
> Is there a way to enforce the bucket encryption for every bucket?
> As how I understand it, I need to enable the bucket encryption after
> creating. If we could enforce that, I could a header check in the haproxy
> to make it transparent for the user.
>
> cheers
> Boris
>
> --
> Die Selbsthilfegruppe "UTF-8-Probleme" trifft sich diesmal abweichend im
> groüen Saal.
>
--
Die Selbsthilfegruppe "UTF-8-Probleme" trifft sich diesmal abweichend im
groüen Saal.
_______________________________________________
ceph-users mailing list -- [email protected]
To unsubscribe send an email to [email protected]
