mc encrypt set — MinIO Object Storage for Linux

link管理

链接快照平台

输入网页链接，自动生成快照
标签化管理网页链接

相关文章推荐

挂过科的甜瓜 · 广东省卫生健康委员会网站· 2 月前 ·

不要命的菠萝 · 解读骑士老板拒送米切尔去湖人：不是因恨老詹 ...· 4 月前 ·

睿智的熊猫 · Kotlin-数字与字符串转换_kotlin ...· 8 月前 ·

刚毅的海龟 · Elasticsearch wont ...· 9 月前 ·

精明的哑铃 · mongodb,_mongodb ...· 1 年前 ·

Monitoring Bucket and Object Events

Identity and Access Management

Server-Side Encryption of Objects

Bucket Replication

Batch Framework

Core Administration Concepts

Software Development Kits (SDK)

Security Token Service (STS)

Transforms with Object Lambda

MinIO Client

mc alias
mc anonymous
mc batch
mc cat
mc cp
mc diff
mc du

mc encrypt clear
mc encrypt info
mc encrypt set
mc event
mc find
mc head
mc ilm
mc legalhold
mc license
mc ls
mc mb
mc mirror
mc mv
mc od
mc ping
mc pipe
mc quota
mc rb
mc replicate
mc retention
mc rm
mc share
mc sql
mc stat
mc support
mc tag
mc tree
mc undo
mc update
mc version
mc watch
MinIO Admin Client
Deprecated Commands
MinIO Server
Integrations
Glossary

Syntax

The mc encrypt set encrypt command sets or updates the default bucket Server-Side Encryption (SSE) mode . MinIO automatically encrypts objects written to that bucket using the specified SSE mode.

mc encrypt set only supports SSE-KMS and SSE-S3 .

The following command sets the default SSE-KMS encryption key for the bucket mydata on the myminio MinIO deployment:

mc encrypt set sse-kms "minio-encryption-key" myminio/mydata
Brackets [] indicate optional parameters.
Parameters sharing a line are mutually dependent.
Parameters separated using the pipe | operator are mutually exclusive.
Copy the example to a text editor and modify as-needed before running the command in the terminal/shell.
Parameters

ENCRYPTION
Specify the server-side encryption type to use as the default SSE mode.
Supports the following values:
sse-kms - Encrypt objects using the key specified in
KMSKEY. MinIO
must have access to the specified key on the external KMS to
successfully encrypt or decrypt objects protected using SSE-KMS.
sse-s3 - Encrypt objects using the key specified to
MINIO_KMS_KES_KEY_NAME. MinIO must have access to the
specified key on the external KMS to successfully encrypt or decrypt
objects protected using SSE-S3.
KMSKEY
Specify the KMS Master Key to use for performing SSE object encryption. This
option only applies if ENCRYPTION is
sse-kms.
Omit this option to direct MinIO to use the
MINIO_KMS_KES_KEY_NAME.
ALIAS
The full path to the bucket on which to set the default SSE mode. Specify the
alias of the MinIO deployment as the prefix to the TARGET
path. For example:
mc encrypt set ENCRYPTION [KMSKEY] play/mybucket
The MinIO server configuration supports
SSE-KMS
The root has an encryption key minio-encryption-key.
 mc encrypt set sse-kms minio-encryption-key myminio/data
Replace ENCRYPTION with sse-kms or sse-s3 depending
on the preferred encryption mode.
Replace KMSKEY with the name of the encryption key on the
configured root KMS. This argument has no effect with sse-s3.
Replace TARGET with the alias of the
MinIO deployment on which to configure automatic server-side bucket
encryption.
Behavior

mc encrypt set makes no assumptions about the MinIO server’s current
encryption state. Specifying default encryption settings which the
server cannot support may result in undesired behavior.
Setting or modifying the default server-side encryption settings does not
automatically encrypt or decrypt the existing bucket contents. If the bucket
contents must have consistent encryption, use the
mc mv mc with the --encrypt or
--encrypt-key arguments to manually modify the
encryption settings or encrypted state of the bucket contents before
changing the bucket default.