s3fs: Added documentation for SSE-C support #3498

Merged: 7 commits, Jun 22, 2022
16 changes: 16 additions & 0 deletions content/docs/command-reference/remote/modify.md
@@ -262,6 +262,22 @@ methods that are performed by DVC (`list_objects_v2` or `list_objects`,
$ dvc remote modify --local myremote sse_kms_key_id 'key-alias'
```

- `sse_customer_key` - user specified key to encrypt data uploaded when using
SSE-C. The value should be base64 encoded version of 256 bit key.
Contributor

Hi! What's the value provided to sse? Is it SSE-C, or something like aws:ssec (similar to aws:kms)?

Contributor

Also, this is AWS-specific, right?

Contributor Author

@ap-kulkarni ap-kulkarni May 10, 2022

Yes. This is AWS-specific. Also, when SSE with client-side keys for encryption is in question, libraries usually expect a different parameter (SSECustomerAlgorithm as key in the s3_additional_kwargs dictionary) from sse (which gets added as ServerSideEncryption as key in the s3_additional_kwargs dictionary). So, for SSE, when a user wants to use a key in AWS KMS, the relevant parameters are sse and sse_kms_key_id. When a user wants to use their own key (which is SSE-C), then the relevant parameters are sse_customer_key and sse_customer_algorithm. The value of sse is irrelevant for SSE-C.

Contributor

Got it.
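
The split between the SSE-KMS and SSE-C options described in the thread above, as an added example; it is not code from DVC, s3fs or this pull request. `new_sse_c_key`, `decode_sse_c_key` and `build_s3_kwargs` are hypothetical helpers, and handing the client the decoded key bytes is an assumption about the client library (boto3 accepts raw bytes and encodes them itself).

```python
import base64
import binascii
import secrets


def new_sse_c_key() -> str:
    """Return a fresh random 256-bit key, base64 encoded for sse_customer_key."""
    return base64.b64encode(secrets.token_bytes(32)).decode("ascii")


def decode_sse_c_key(value: str) -> bytes:
    """Decode the configured value and insist on exactly 256 bits."""
    try:
        raw = base64.b64decode(value, validate=True)
    except (binascii.Error, ValueError) as exc:
        raise ValueError("sse_customer_key is not valid base64") from exc
    if len(raw) != 32:
        raise ValueError(
            f"sse_customer_key decodes to {len(raw) * 8} bits, need 256"
        )
    return raw


def build_s3_kwargs(config: dict) -> dict:
    """Hypothetical mapping of remote options to s3_additional_kwargs."""
    kwargs = {}
    key = config.get("sse_customer_key")
    if key is not None:
        # SSE-C: the value of `sse` is irrelevant here, so it is not forwarded.
        kwargs["SSECustomerAlgorithm"] = config.get(
            "sse_customer_algorithm", "AES256"
        )
        # Assumption: the client takes raw key bytes and encodes them itself.
        kwargs["SSECustomerKey"] = decode_sse_c_key(key)
        return kwargs
    if config.get("sse"):
        # SSE with a KMS-managed key: `sse` plus an optional key id.
        kwargs["ServerSideEncryption"] = config["sse"]
        if config.get("sse_kms_key_id"):
            kwargs["SSEKMSKeyId"] = config["sse_kms_key_id"]
    return kwargs


if __name__ == "__main__":
    # Constructed sample configs, not taken from a real remote.
    print(build_s3_kwargs({"sse": "aws:kms", "sse_kms_key_id": "key-alias"}))
    print(sorted(build_s3_kwargs({"sse_customer_key": new_sse_c_key()})))
```

The documentation's placeholder string `'base64-encoded-256-bit-key'` is rejected by `decode_sse_c_key`, which is the kind of early check that catches a key pasted in the wrong form before any upload is attempted.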


```dvc
$ dvc remote modify --local myremote sse_customer_key 'base64-encoded-256-bit-key'
```

- `sse_customer_algorithm` - server side encryption algorithm to use while using
user specified keys. Again, this parameter will be passed directly to AWS S3
functions , so DVC supports any value that S3 supports. By default, i.e. if no
value is specified and `sse_customer_key` is specified, then `AES256` is used.

```dvc
$ dvc remote modify myremote sse_customer_algorithm 'AES256'
```

- `acl` - set object level access control list (ACL) such as `private`,
`public-read`, etc. By default, no ACL is specified.
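
Review bot: The `sse_customer_key` entry does not say that the value is a secret, and nothing explains why its example passes `--local` while the `sse_customer_algorithm` example does not; add a sentence on where the key should be stored so readers do not drop the flag. The entry should also state that these two options are the SSE-C pair and that `sse` does not need to be set for them, which is the point the review thread had to clarify. Minor: "Again, this parameter will be passed directly" leans on earlier text the reader may not have seen, and there is a stray space in "functions ,".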
