Re: [ceph-users] Subject: Assistance Required: Vault Integration with RADOS Gateway for SSE-S3 Encryption


 



Hello there, 

Could you please provide support on the query mentioned below and suggest how to handle the error to fix it.

Your suggestions would be beneficial. Looking forward to your response!
          


Dhivya G

Associate Software Engineer


Email: dhivya.g@zybisys.com

 Zybisys Consulting LLP | NSA Tower, No. 1B
 Akila Nagar, Ganapathy Nagar Main Road,
 Thiruvanaikoil, Trichy, Tamil Nadu, India-620005

zybisys.com





---- On Fri, 28 Feb 2025 11:30:36 +0530 Dhivya G <dhivya.g@xxxxxxxxxxx> wrote ---

Hi Arnaud,

Thanks for your support!

I am currently integrating Ceph RADOS Gateway (RGW) with HashiCorp Vault for SSE-S3 encryption and using js to upload objects to an encrypted bucket. I have configured the necessary parameters in my request, but I am encountering an "Invalid Request" error during the upload process.

Attachments:
  • Screenshot of the code and error logs for reference.

I appreciate any guidance from the community to resolve this issue. Looking forward to your insights.



Thanks & Regards,

Dhivya G|Associate Software Engineer
Ph No: (+91) 9894944910
email: dhivya.g@xxxxxxxxxxx
Zybisys Consulting LLP | Srinivasa Tower' No.29, 39th E Cross, 4th T Block, Jayanagar , Bangalore India - 560041



zybisys.com




---- On Fri, 28 Feb 2025 05:03:50 +0530 Arnaud Lefebvre <arnaud.lefebvre@xxxxxxxxxxxxxxxx> wrote ---





Hello,

I've been working on having SSE-S3 work too in the past few days with a v18 cluster (SSE-S3 is only available starting v17 IIRC).

The first thing to check is the radosgw logs. Don't hesitate to increase them with `debug rgw 20/20` if possible; you'll see the error and Vault interactions.

Then, you need to configure the radosgw properly. I had a bit of a hard time to figure it out from the docs, but here's my test configuration:

```
rgw_crypt_s3_kms_backend = vault

rgw_crypt_sse_s3_vault_secret_engine = transit
rgw_crypt_sse_s3_vault_auth = token
rgw_crypt_sse_s3_vault_token_file = /run/.rgw-vault-token
rgw_crypt_sse_s3_vault_addr = http://172.17.0.1:8200
rgw_crypt_sse_s3_vault_prefix = /v1/transit/
rgw_crypt_sse_s3_vault_verify_ssl = false

rgw_crypt_vault_secret_engine = kv
rgw_crypt_vault_auth = token
rgw_crypt_vault_token_file = /run/.rgw-vault-token
rgw_crypt_vault_addr = http://172.17.0.1:8200
rgw_crypt_vault_prefix = /v1/secret/data/
rgw_crypt_vault_verify_ssl = false
```

The sse_s3 configuration keys are the ones used for SSE-S3 while the other (crypt_vault) are used only for SSE-KMS (if I understood everything well).

From there and once I used the PutBucketEncryption API to use SSE-S3 as default, everything worked fine.

If that still doesn't work on your end, then I guess you'll need to share some logs / errors or request output!

Good hacking!
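
An added example, not part of the thread or of Ceph itself: a small audit of the radosgw Vault options quoted above, checking that each option family (SSE-S3 and SSE-KMS) is fully set and flagging the two settings that are only acceptable on a test cluster. The finding texts and the set of "required" options are this example's own choices, and it assumes `verify_ssl` defaults to true when unset.

```python
# Constructed sample: the test configuration quoted in the reply above.
SAMPLE_CONF = """\
rgw_crypt_s3_kms_backend = vault
rgw_crypt_sse_s3_vault_secret_engine = transit
rgw_crypt_sse_s3_vault_auth = token
rgw_crypt_sse_s3_vault_token_file = /run/.rgw-vault-token
rgw_crypt_sse_s3_vault_addr = http://172.17.0.1:8200
rgw_crypt_sse_s3_vault_prefix = /v1/transit/
rgw_crypt_sse_s3_vault_verify_ssl = false
rgw_crypt_vault_secret_engine = kv
rgw_crypt_vault_auth = token
rgw_crypt_vault_token_file = /run/.rgw-vault-token
rgw_crypt_vault_addr = http://172.17.0.1:8200
rgw_crypt_vault_prefix = /v1/secret/data/
rgw_crypt_vault_verify_ssl = false
"""

# Per the reply: sse_s3_vault_* options serve SSE-S3, vault_* options serve SSE-KMS.
FAMILIES = {"SSE-S3": "rgw_crypt_sse_s3_vault_", "SSE-KMS": "rgw_crypt_vault_"}
REQUIRED = ("secret_engine", "auth", "addr", "prefix")  # this example's choice

def parse_options(text):
    """Parse 'key = value' lines; ceph.conf accepts spaces, '-' and '_' in names."""
    opts = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if "=" not in line:  # skips blanks and [section] headers
            continue
        key, value = line.split("=", 1)
        key = key.strip().lower().replace(" ", "_").replace("-", "_")
        opts[key] = value.strip()
    return opts

def audit(text):
    """Return (family, option, finding) tuples for a radosgw Vault configuration."""
    opts, findings = parse_options(text), []
    for family, prefix in FAMILIES.items():
        for name in REQUIRED:
            if prefix + name not in opts:
                findings.append((family, prefix + name, "not set"))
        if opts.get(prefix + "addr", "").lower().startswith("http://"):
            findings.append((family, prefix + "addr", "Vault token and keys sent in cleartext"))
        # Assumption: an unset verify_ssl means verification is on.
        if opts.get(prefix + "verify_ssl", "true").lower() in ("false", "0", "no"):
            findings.append((family, prefix + "verify_ssl", "Vault certificate not verified"))
    return findings

if __name__ == "__main__":
    for family, option, finding in audit(SAMPLE_CONF):
        print(f"{family:8} {option}: {finding}")
```
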





