Red Hat Bugzilla – Bug 1472465
rgw multisite: objects encrypted with SSE-KMS do not sync correctly
Last modified: 2017-08-08 11:00:57 EDT
Description of problem:
Objects encrypted with the SSE-KMS mode sync to other zones, but are stored in their unencrypted form. Because they retain their encryption attributes, attempts to read them from a secondary zone will decrypt the data again, returning garbage data to the client.
All objects encrypted with SSE-KMS in a multisite configuration.
Steps to Reproduce:
1. Set up a multisite configuration with two zones, including these additional values in ceph.conf:
rgw crypt require ssl = false
rgw crypt s3 kms encryption keys = testkey=YmluCmJvb3N0CmJvb3N0LWJ1aWxkCmNlcGguY29uZgo=
2. Create a bucket on the primary zone
3. Upload an object (containing readable text) to that bucket on the primary zone, using these additional request headers:
The object syncs to the secondary zone, but its data does not match the readable text uploaded to the primary zone.
The synced object is stored on the secondary zone in its encrypted form. When read, the decrypted object data is returned to the client.
The sync request should fetch the object in its encrypted form.