Hi,
Is it possible to have different keys per bucket.
We would like to limit access to buckets with different access keys and secrets so that other people cannot see specific buckets?
I would certainly like the same. As it stands, if one set of keys were compromised, they would gain access to every Space.
I just started playing with spaces today and after creating my first key and moving some data I came to the same question. Is there anything in the works to tie a specific key to a specific 'space' or 'bucket'? Is there already a way to do this and I'm not finding it? Thank you.
Yes, this is a feature that should be implemented, both for security like @jonny5alive states, but also for using a single DO account with multiple projects / customers.
We, as services provider, are in a process of migrating most of our infrastructure on to digital ocean (from ovh, google cloud and scale way). We do host external backup in the cloud. For this purpose and to be compliant with the GDPR law, we must set different access for each buckets, the data of a client should not be accessible in any way with the key of another one.
I’m pretty sure CEPH can allow this kind of policy. Anyway, this absence of security is slowing our migration. Any info from the DO team ?
+1... seriously, prioritize this one. Completely ridiculous. I'm not creating completely different DO accounts just to get proper security isolation.
Thanks for the feedback. This is something we are looking at. The limitation is unfortunately on the key-based permission support on the Ceph side but we are looking at other ways to mitigate this problem.
I think it has more factors on your platform.
Many other companys can do it also with Ceph without issues.
So ita possible. But depends on how you implement it :)