-
Notifications
You must be signed in to change notification settings - Fork 314
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Server-side encryption on by default breaks with some S3 providers #404
Comments
Also related to #218 |
Same here with DigitalOcean Spaces. If i disable encryption - everything works fine. |
I've made PR with configurable encryption. #410 |
The described modification was tested by modifying our source codes: Then wal-e backup-push got further, with Minio S3 buckets, in our setup, where we tested without encryption. It would be good to have this kind of modification available in wal-e, which is implemented in this git issue / git pull. ( We are checking how well wal-e works, in generic. ) |
It seems that wal-e is requesting SSE encryption by default https://github.com/wal-e/wal-e/blob/master/wal_e/blobstore/s3/s3_util.py#L57
This is problematic for any S3 backend that does not support SSE without significant configuration. For example the last couple of releases of Minio (popular self-hosting S3 solution) would reject WALE operations requesting SSE encryption requests unless a very specific KMS is configured.
At the very least, this should be a configurable option that can be controlled through a WALE envvar.
The text was updated successfully, but these errors were encountered: