Server-side encryption on by default breaks with some S3 providers #404
Comments
|
Also related to #218 |
|
Same here with DigitalOcean Spaces. If i disable encryption - everything works fine. |
|
I've made PR with configurable encryption. #410 |
|
The described modification was tested by modifying our source codes: Then wal-e backup-push got further, with Minio S3 buckets, in our setup, where we tested without encryption. It would be good to have this kind of modification available in wal-e, which is implemented in this git issue / git pull. ( We are checking how well wal-e works, in generic. ) |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
It seems that wal-e is requesting SSE encryption by default https://github.com/wal-e/wal-e/blob/master/wal_e/blobstore/s3/s3_util.py#L57
This is problematic for any S3 backend that does not support SSE without significant configuration. For example the last couple of releases of Minio (popular self-hosting S3 solution) would reject WALE operations requesting SSE encryption requests unless a very specific KMS is configured.
At the very least, this should be a configurable option that can be controlled through a WALE envvar.
The text was updated successfully, but these errors were encountered: