Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Is s3 secret enabed? #70

Open
hanqiushi opened this issue Oct 26, 2022 · 3 comments
Open

Is s3 secret enabed? #70

hanqiushi opened this issue Oct 26, 2022 · 3 comments

Comments

@hanqiushi
Copy link

Can I enable accessKey/secretKey for s3 now ?

@scrayos
Copy link
Contributor

scrayos commented Oct 26, 2022

Yes, you can. But (as far as I know), you have to add it manually by running something like:

s3.configure -access_key=any -secret_key=any -buckets=bucket1 -user=me -actions=Read,Write,List,Tagging,Admin -apply

in the weed shell of one of the master nodes.

Source: https://github.com/seaweedfs/seaweedfs/wiki/Amazon-S3-API#s3-authentication

@hanqiushi
Copy link
Author

Yes, you can. But (as far as I know), you have to add it manually by running something like:

s3.configure -access_key=any -secret_key=any -buckets=bucket1 -user=me -actions=Read,Write,List,Tagging,Admin -apply

in the weed shell of one of the master nodes.

Source: https://github.com/seaweedfs/seaweedfs/wiki/Amazon-S3-API#s3-authentication

Thanks, I've done this in one of master nodes, but I can still access filer nodes without using accessKey/secretKey, did I miss something ?

@scrayos
Copy link
Contributor

scrayos commented Oct 27, 2022

Thanks, I've done this in one of master nodes, but I can still access filer nodes without using accessKey/secretKey, did I miss something ?

I am by no means knowledgeable regarding filer, but my guess would be that the accessKey/secretKey is only mandatory for the specific bucket and not the filer as a whole.

If you want to secure your whole filer instance, my guess would be, that you had to configure jwt.filer_signing.key and jwt.filer_signing.read.key in security.toml (Reference).

But as I said, I'm only guessing here. But even if I was right, a new property needs to be added to the Seaweed Custom Resource Definition, so that users would be able to set security.toml options. Input from someone more knowleadgable would be highly appreciated.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

2 participants