Search Options

Results per page
Sort
Preferred Languages
Advance

Results 31 - 40 of 107 for kms (0.02 sec)

  1. internal/crypto/metadata.go

    	MetaSealedKeyKMS = "X-Minio-Internal-Server-Side-Encryption-Kms-Sealed-Key"
    
    	// MetaKeyID is the KMS master key ID used to generate/encrypt the data
    	// encryption key (DEK).
    	MetaKeyID = "X-Minio-Internal-Server-Side-Encryption-S3-Kms-Key-Id"
    	// MetaDataEncryptionKey is the sealed data encryption key (DEK) received from
    	// the KMS.
    Registered: Sun Nov 03 19:28:11 UTC 2024
    - Last Modified: Mon Jun 10 17:40:33 UTC 2024
    - 6.4K bytes
    - Viewed (0)
  2. cmd/bucket-encryption-handlers.go

    		return
    	}
    
    	// Return error if KMS is not initialized
    	if GlobalKMS == nil {
    		writeErrorResponse(ctx, w, errorCodes.ToAPIErr(ErrKMSNotConfigured), r.URL)
    		return
    	}
    	kmsKey := encConfig.KeyID()
    	if kmsKey != "" {
    		kmsContext := kms.Context{"MinIO admin API": "ServerInfoHandler"} // Context for a test key operation
    		_, err := GlobalKMS.GenerateKey(ctx, &kms.GenerateKeyRequest{Name: kmsKey, AssociatedData: kmsContext})
    Registered: Sun Nov 03 19:28:11 UTC 2024
    - Last Modified: Fri May 24 23:05:23 UTC 2024
    - 6.4K bytes
    - Viewed (0)
  3. internal/crypto/doc.go

    //     -   ObjectKey := DAREv2_Dec(KeyEncKey, SealedKey)
    //     - object_data := DAREv2_Dec(ObjectKey, enc_object_data)
    //     Output: object_data
    //
    // ### SSE-S3 and KMS
    //
    // SSE-S3 requires that the KMS provides two functions:
    //
    //  1. Generate(KeyID) -> (Key, EncKey)
    //
    //  2. Unseal(KeyID, EncKey) -> Key
    //
    //  1. Encrypt:
    //     Input: KeyID, bucket, object, metadata, object_data
    Registered: Sun Nov 03 19:28:11 UTC 2024
    - Last Modified: Fri Aug 26 19:52:29 UTC 2022
    - 5K bytes
    - Viewed (0)
  4. cmd/common-main.go

    		logger.Fatal(err, "Failed to connect to KMS")
    	}
    
    	if _, err = KMS.GenerateKey(GlobalContext, &kms.GenerateKeyRequest{}); errors.Is(err, kms.ErrKeyNotFound) {
    		err = KMS.CreateKey(GlobalContext, &kms.CreateKeyRequest{Name: KMS.DefaultKey})
    	}
    	if err != nil && !errors.Is(err, kms.ErrKeyExists) && !errors.Is(err, kms.ErrPermission) {
    		logger.Fatal(err, "Failed to connect to KMS")
    	}
    	GlobalKMS = KMS
    }
    
    Registered: Sun Nov 03 19:28:11 UTC 2024
    - Last Modified: Tue Sep 24 21:50:11 UTC 2024
    - 31.7K bytes
    - Viewed (0)
  5. internal/bucket/encryption/bucket-sse-config.go

    func (b *BucketSSEConfig) Algo() Algorithm {
    	for _, rule := range b.Rules {
    		return rule.DefaultEncryptionAction.Algorithm
    	}
    	return ""
    }
    
    // KeyID returns the KMS key ID specified by the SSE configuration.
    // If the SSE configuration does not specify SSE-KMS it returns an
    // empty key ID.
    func (b *BucketSSEConfig) KeyID() string {
    	for _, rule := range b.Rules {
    Registered: Sun Nov 03 19:28:11 UTC 2024
    - Last Modified: Tue Oct 25 00:44:15 UTC 2022
    - 4.9K bytes
    - Viewed (0)
  6. cmd/post-policy-fan-out.go

    	"github.com/minio/minio/internal/crypto"
    	"github.com/minio/minio/internal/hash"
    	xhttp "github.com/minio/minio/internal/http"
    	"github.com/minio/minio/internal/kms"
    )
    
    type fanOutOptions struct {
    	Kind     crypto.Type
    	KeyID    string
    	Key      []byte
    	KmsCtx   kms.Context
    	Checksum *hash.Checksum
    	MD5Hex   string
    }
    
    // fanOutPutObject takes an input source reader and fans out multiple PUT operations
    Registered: Sun Nov 03 19:28:11 UTC 2024
    - Last Modified: Thu Jan 18 07:03:17 UTC 2024
    - 3.5K bytes
    - Viewed (0)
  7. cmd/config-current.go

    	}
    	if err != nil {
    		logger.Fatal(err, "Unable to generate root access key using KMS")
    	}
    
    	sKey, err := GlobalKMS.MAC(GlobalContext, &kms.MACRequest{Message: []byte("root secret key")})
    	if err != nil {
    		// Here, we must have permission. Otherwise, we would have failed earlier.
    		logger.Fatal(err, "Unable to generate root secret key using KMS")
    	}
    
    	accessKey, err := auth.GenerateAccessKey(20, bytes.NewReader(aKey))
    Registered: Sun Nov 03 19:28:11 UTC 2024
    - Last Modified: Tue Sep 03 18:23:41 UTC 2024
    - 30.1K bytes
    - Viewed (0)
  8. cmd/bucket-metadata.go

    	encBytes, metaBytes, err := encryptBucketMetadata(ctx, b.Name, b.BucketTargetsConfigJSON, kms.Context{b.Name: b.Name, bucketTargetsFile: bucketTargetsFile})
    	if err != nil {
    		return err
    	}
    
    	b.BucketTargetsConfigJSON = encBytes
    	b.BucketTargetsConfigMetaJSON = metaBytes
    	return b.Save(ctx, objectAPI)
    }
    
    // encrypt bucket metadata if kms is configured.
    Registered: Sun Nov 03 19:28:11 UTC 2024
    - Last Modified: Wed Aug 28 15:32:18 UTC 2024
    - 18.2K bytes
    - Viewed (0)
  9. cmd/logging.go

    	logger.LogIf(ctx, "kms", err, errKind...)
    }
    
    // KMSLogger permits access to kms module specific logging
    type KMSLogger struct{}
    
    // LogOnceIf is the implementation of LogOnceIf, accessible using the Logger interface
    func (l KMSLogger) LogOnceIf(ctx context.Context, err error, id string, errKind ...interface{}) {
    	logger.LogOnceIf(ctx, "kms", err, id, errKind...)
    }
    
    Registered: Sun Nov 03 19:28:11 UTC 2024
    - Last Modified: Wed Jul 03 18:49:48 UTC 2024
    - 7.1K bytes
    - Viewed (0)
  10. cmd/config.go

    	"errors"
    	"fmt"
    	"path"
    	"sort"
    	"strings"
    
    	jsoniter "github.com/json-iterator/go"
    	"github.com/minio/madmin-go/v3"
    	"github.com/minio/minio/internal/config"
    	"github.com/minio/minio/internal/kms"
    )
    
    const (
    	minioConfigPrefix = "config"
    	minioConfigBucket = minioMetaBucket + SlashSeparator + minioConfigPrefix
    	kvPrefix          = ".kv"
    
    	// Captures all the previous SetKV operations and allows rollback.
    Registered: Sun Nov 03 19:28:11 UTC 2024
    - Last Modified: Wed Aug 23 10:07:06 UTC 2023
    - 6K bytes
    - Viewed (0)
Back to top