From 43aecffd3cc6b2ba8a4dac552464ccdcb1dd867c Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Julius=20H=C3=A4rtl?=
Date: Tue, 22 Nov 2022 18:21:07 +0100
Subject: [PATCH] Add documentation for using SSE-C on S3 primary storage
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Signed-off-by: Julius Härtl
---
 .../configuration_files/primary_storage.rst | 36 +++++++++++++++++++
 1 file changed, 36 insertions(+)

diff --git a/admin_manual/configuration_files/primary_storage.rst b/admin_manual/configuration_files/primary_storage.rst
index f9882e62362..9a46fa2052e 100644
--- a/admin_manual/configuration_files/primary_storage.rst
+++ b/admin_manual/configuration_files/primary_storage.rst
@@ -203,3 +203,39 @@ all files for that user in their corresponding bucket. You can find out more information about upscaling with object storage and Nextcloud in the `Nextcloud customer portal `_.
+
+
+------------------------
+SSE-C encryption support
+------------------------
+
+Nextcloud supports server side encryption, also known as `SSE-C `, with compatible S3 bucket provider. The encryption and decryption happens on the S3 bucket side with a key provided by the Nextcloud server.
+
+The key can be specified with the :code:`sse_c_key` parameter which needs to be provided as a base64 encoded string with a maximum length of 32 bytes. A random key could be generated using the the following command:
+
+::
+ openssl rand 32 | base64
+
+
+The following example shows how to configure the S3 object store with SSE-C encryption support in the objectstore section of the Nextcloud config.php file:
+
+::
+
+ 'objectstore' => [
+ array (
+ 'class' => 'OC\\Files\\ObjectStore\\S3',
+ 'arguments' =>
+ array (
+ 'bucket' => 'nextcloud',
+ 'key' => 'nextcloud',
+ 'secret' => 'nextcloud',
+ 'hostname' => 's3',
+ 'port' => '443',
+ 'use_ssl' => true,
+ 'use_path_style' => true,
+ 'autocreate' => true,
+ 'verify_bucket_exists' => true,
+ 'sse_c_key' => 'o9d3Q9tHcPMv6TIpH53MSXaUmY91YheZRwuIhwCFRSs=',
+ ),
+ );
+ ],
\ No newline at end of file