Comments (6)
Note that with IAM API this will not be an issue - as it will be possible to submit many accounts create calls without forking many CLI processes, and master keys will be cached in endpoint memory. Just saying 😉
from noobaa-core.
@madhuthorat @nimrod-becker @guymguym As mentioned on Slack, the suggested solution was adding a cache in the fget/fput scripts that should be handled on GPFS side. For more details please check the Slack thread.
from noobaa-core.
@madhuthorat we support calling a script - that script can use keyctl inside as needed. closing as this will not be included in noobaa for now.
from noobaa-core.
> @madhuthorat we support calling a script - that script can use keyctl inside as needed. closing as this will not be included in noobaa for now.

@guymguym we will check the keyctl option. Caching in GPFS file systems won't help as the key will be readable in plain text, hence that option is not being considered. I am considering 2 options:
- Use keyctl
- Cache key with mms3 binary if not already cached, and refresh it periodically. And use a mms3 (hide) interface inside the executable script to get the key.
from noobaa-core.
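The keyctl option discussed above, as an added example that is not part of the thread and is not code from noobaa-core or GPFS: a key-fetch helper that caches the master key in the Linux kernel keyring, so it never sits in a plain-text file, and expires it so it is refreshed periodically. `FETCH_CMD`, `KEY_DESC`, `KEY_TTL` and the function names are hypothetical; how NooBaa invokes its master-key script is not shown on this page, and the key is assumed to be text (for example base64).

```shell
#!/bin/sh
# Added example: cache a master key in the kernel keyring via keyctl.
# All names below are hypothetical, not NooBaa or GPFS identifiers.

KEY_DESC="${KEY_DESC:-example:master_key}"  # keyring description (assumed)
KEY_TTL="${KEY_TTL:-300}"                   # seconds until the cached copy expires
KEYRING="${KEYRING:-@u}"                    # per-UID user keyring

# Slow source of truth (external KMS call, vendor binary, ...).
# FETCH_CMD must print the key on stdout and nothing else.
fetch_key_from_backend() {
    "${FETCH_CMD:?set FETCH_CMD to the command that prints the key}"
}

# Print the master key on stdout, using the keyring as a cache.
get_master_key() {
    # Cache hit: `search` prints the key id, `pipe` writes the raw payload.
    if key_id=$(keyctl search "$KEYRING" user "$KEY_DESC" 2>/dev/null); then
        keyctl pipe "$key_id" 2>/dev/null && return 0
        # Key expired between search and pipe: fall through and refetch.
    fi

    key=$(fetch_key_from_backend) || return 1
    [ -n "$key" ] || return 1

    # `padd` reads the payload from stdin and printf is a shell builtin,
    # so the key never appears in any process argv (unlike `keyctl add`,
    # whose data argument is visible in /proc/<pid>/cmdline).
    key_id=$(printf '%s' "$key" | keyctl padd user "$KEY_DESC" "$KEYRING") || return 1

    # Expire the cached copy so a rotated key is picked up within KEY_TTL.
    keyctl timeout "$key_id" "$KEY_TTL" || return 1

    printf '%s' "$key"
}
```

The user keyring is readable only through a session that possesses it, so a service whose session keyring does not link `@u` will see permission errors from `keyctl pipe` and fall back to the backend on every call.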
@madhuthorat we might want to consider integrating with external KMS such as Vault. We designed the master keys scripts interface to be suitable for that as well, but the question is if local caching is needed also for external KMS cases...
from noobaa-core.
> @madhuthorat we might want to consider integrating with external KMS such as Vault. We designed the master keys scripts interface to be suitable for that as well, but the question is if local caching is needed also for external kms cases...

@guymguym In our documentation, we are going to describe that customers would be able to rewrite our scripts or have their own scripts where they can decide how to use keys with external KMS. But if they don't have support for external KMS then they can rely on what we provide.
from noobaa-core.