kms: remove support for compat secrets

also document how to activate the deprecated builtin provider
Nicola Murino
2021-12-01 17:53:19 +01:00
parent 4df0ae82ac
commit 6ee51c5cc1
6 changed files with 11 additions and 89 deletions

@@ -19,7 +19,7 @@ We first generate a random key, then the per-object encryption key is derived fr
1. a master key is provided: the encryption key is derived using the HMAC-based Extract-and-Expand Key Derivation Function (HKDF) as defined in [RFC 5869](http://tools.ietf.org/html/rfc5869)
2. no master key is provided: the encryption key is derived as simple hash of the random key. This is the default configuration.
For compatibility with SFTPGo versions 1.2.x and before we also support encryption based on `AES-256-GCM`. The data encrypted with this algorithm will never use the master key to keep backward compatibility.
For compatibility with SFTPGo versions 1.2.x and before we also support encryption based on `AES-256-GCM`. The data encrypted with this algorithm will never use the master key to keep backward compatibility. You can activate it using `builtin://` as `url` but this is not recommended.
### Cloud providers
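Review bot: The new sentence about `builtin://` says the provider is "not recommended" but gives no reason and no alternative. The sentence before it already states that data encrypted with this algorithm never uses the master key, so give that as the reason: a configured master key does not protect these secrets. The commit message calls the provider deprecated, and the text should use the same word. It should also say which configuration section the `url` key belongs to. Finally, the commit removes compat secret support, yet this hunk has no upgrade guidance for installations that still hold secrets written by 1.2.x and earlier; a short pointer on what happens to those secrets would close the gap.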