Comments (10)
I haven't had time to look into this yet, I'll try to get to it early next week.
from funnel.
Hi,
is there any update on this?
Thanks again for your help
from funnel.
Sorry, I've been stuck on other projects. I am working on this now. I hope to have something for you to try out by EOD tomorrow.
from funnel.
I've prototyped out a solution in #623. Let me know if this works for you.
For SSE-KMS:
AmazonS3:
SSE:
KMSKey: "1a03ce70-5f03-484e-8396-0e97de661b79"
For SSE-C:
Generate a key file:
openssl rand -out sse-c.key 32
Then configure funnel to use it:
AmazonS3:
SSE:
CustomerKeyFile: "./sse-c.key"
from funnel.
Note for SSE-KMS:
As long as your credentials can access the KMS key used for the given bucket, everything seems to work with no special configuration.
from funnel.
Great thanks, I will give it a try tomorrow.
Regarding the sse-c I assume the file ./sse-c.key
is expected to be available to all workers, correct? how about the server? Are there any special permissions required for this file?
Thanks again for your help
from funnel.
The server doesn't require any storage configuration in this case. And yes the sse-c.key
file is assumed to be accessible by all of the workers.
Upon further testing, I found that in the sse-c case my solution assumes that all files tasks will reference were encrypted using that key. So, for example, if you were to reference a file in an unencrypted bucket the task would fail upon trying to download it.
from funnel.
Thanks for the clarifications.
I will work with the assumption that all files are encrypted.
Is there any way and are you planning to change this behavior and allow encrypted (with sse-c) or unencrypted files to be used at the same time?
Thanks
from funnel.
Yes, I plan to add support for using sse-c encrypted and unencrypted files at the same time.
from funnel.
Yes, I plan to add support for using sse-c encrypted and unencrypted files at the same time.
Done.
from funnel.
Related Issues (20)
- TES v1.1: Create task with ignore_error flag
- TES: List task with next page token
- Failing lint job in tests
- github.com/golang/protobuf deprecation
- Homebrew formula returns "wrong number of arguments" error
- funnel binary not found during Slurm tests HOT 1
- Configuration for replacing path prefixes
- Boltdb deprecation HOT 2
- Task ID returned before database doc is created
- Feature Request: Add support for native K8s Executor
- Add Snakemake workflow tests to Funnel
- Funnel Tasks Fail when used as a TES Executor for Nextflow HOT 2
- The requested image's platform (linux/amd64) does not match the detected host platform (linux/arm64/v8) and no specific platform was requested HOT 1
- Allow Funnel to run tasks against custom domain socket HOT 1
- Add option to connect to Gen3 systems
- Expose backend parameter to run container with additional permissions
- Funnel does not detect terminated instances on AWS
- Authentication failure connecting to mongodb HOT 1
- funnel 0.11 problems with mongodb
- funnel 0.11 error with AWS batch reconciler
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from funnel.