Uploaded image for project: 'Dev - Nexus Repo'
  1. Dev - Nexus Repo
  2. NEXUS-22573

document supported S3 encryption strategies and how to use them

    XMLWordPrintable

    Details

    • Type: Improvement
    • Status: New
    • Priority: Major
    • Resolution: Unresolved
    • Affects Version/s: 3.20.1
    • Fix Version/s: None
    • Component/s: Documentation, S3
    • Notability:
      3

      Description

      The page at https://help.sonatype.com/repomanager3/configuration/storage-guide#StorageGuide-S3BlobStore states:

      "The bucket can use server-side encryption with KMS key management transparently. Other methods of server side encryption are not supported."

      That is the full extent of how to use bucket encryption with S3 blobstores and what is supported. "Other methods" is vague. "KMS" can mean several different things.

      There is no clear statement describing how to enable encryption on an existing bucket and also how to update S3 blobstores config already existing in NXRM.

      Expected

      Document exactly what to do to use the three encryption mechanisms ( SSE-C, SSE-S3, SSE-KMS ) described here for new blobstores or existing blobstores:

      https://docs.aws.amazon.com/AmazonS3/latest/dev/serv-side-encryption.html

      If something wasn't tested or supported, make clear note of what that is.

        Attachments

          Issue Links

            Activity

              People

              Assignee:
              Unassigned
              Reporter:
              plynch Peter Lynch
              Last Updated By:
              Hajime Osako
              Votes:
              1 Vote for this issue
              Watchers:
              4 Start watching this issue

                Dates

                Created:
                Updated:
                Date of First Response:

                  tigCommentSecurity.panel-title