  1. Dev - Nexus Repo
  2. NEXUS-17797

No provision to provide server side encryption kms key details while creating s3 type blobstore


    Details

    • Type: Story
    • Status: Done
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 3.13.0, 3.15.2
    • Fix Version/s: 3.19.0
    • Component/s: Blobstore, S3
    • Labels:

      Description

      We are testing Nexus-3 PRO 3.12.1-01 & S3 integration and hit a roadblock w.r.t. creating the S3-based blob store. We use Bring Your Own Key, i.e. aws-kms, and not the default AWS-provided KMS key as part of server-side encryption on the S3 buckets, for obvious security reasons in our organisation.

      Current policy mandates that the request header should have the server-side encryption kms-keyId for the PUTs to succeed, and when I am trying to create a blobstore by specifying the existing bucket details it throws an Access Denied error because of the missing KMS keyId in the request.

      I don't see any field exposed to provide these configuration details, i.e. those listed below, on Nexus-3 PRO 3.12.1-01 or on the 3.13 version, and was advised by the support team to raise an enhancement request, as this is preventing us from using S3 for HA configuration.

      a.       SSE Algorithm type (Example : aws:kms)

      b.      SSE KMS key Id  (Example : 6fxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx)

      c.       Storage Class (Example : Standard)

      Example arg params, i.e. as sent from the AWS CLI to upload any objects to S3:

      --sse aws:kms --storage-class STANDARD --sse-kms-key-id 6fxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx
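
The Access Denied behaviour described above, as an added example that is not part of the original ticket or of Nexus Repository's code: a simplified evaluator for a constructed bucket policy that denies `s3:PutObject` unless the request carries the SSE-KMS headers. The bucket name, key ARN placeholder and policy text are assumptions, and only the `StringNotEquals` operator is modelled.

```python
# Added illustration: why a PUT without SSE-KMS headers is rejected by a
# bucket policy that mandates a customer-managed KMS key.
# Bucket name, key ARN and policy are constructed, not taken from the ticket.
KEY_ARN = "arn:aws:kms:us-east-1:111122223333:key/EXAMPLE-KEY-ID"  # placeholder


def deny_unless(sid, condition_key, required_value):
    """Deny PutObject when the given request header is absent or different."""
    return {"Sid": sid, "Effect": "Deny", "Principal": "*",
            "Action": "s3:PutObject",
            "Resource": "arn:aws:s3:::example-nexus-blobstore/*",
            "Condition": {"StringNotEquals": {condition_key: required_value}}}


POLICY = {"Version": "2012-10-17", "Statement": [
    deny_unless("DenyNonKmsEncryption",
                "s3:x-amz-server-side-encryption", "aws:kms"),
    deny_unless("DenyWrongKmsKey",
                "s3:x-amz-server-side-encryption-aws-kms-key-id", KEY_ARN),
]}


def denied_by(policy, action, headers):
    """Return the Sids of Deny statements that match this request."""
    hits = []
    for st in policy["Statement"]:
        if st["Effect"] != "Deny" or st["Action"] != action:
            continue
        cond = st["Condition"]["StringNotEquals"]
        # Condition key "s3:<header>" is checked against request header
        # "<header>". A negated operator also matches when the key is absent.
        if all(headers.get(k.split(":", 1)[1]) != v for k, v in cond.items()):
            hits.append(st["Sid"])
    return hits


# Constructed requests: header sets a client might send on PutObject.
PLAIN_PUT = {"x-amz-storage-class": "STANDARD"}
DEFAULT_KEY_PUT = {"x-amz-server-side-encryption": "aws:kms"}
KMS_PUT = {"x-amz-server-side-encryption": "aws:kms",
           "x-amz-server-side-encryption-aws-kms-key-id": KEY_ARN,
           "x-amz-storage-class": "STANDARD"}

if __name__ == "__main__":
    for name, req in [("plain", PLAIN_PUT), ("default key", DEFAULT_KEY_PUT),
                      ("customer key", KMS_PUT)]:
        hits = denied_by(POLICY, "s3:PutObject", req)
        print(f"{name:13} -> {'AccessDenied ' + str(hits) if hits else 'allowed'}")
```

A client that cannot be configured with the algorithm and key ID can only send the first kind of request, which is the failure the ticket reports.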

       


              People

              Assignee:
              ataylor Andrew Taylor
              Reporter:
              kogantiv Vijay Koganti
              Last Updated By:
              Ophelia Hernandez
              Team:
              NXRM - Morpheus
              Votes:
              0
              Watchers:
              6
