Spaces Different Keys per bucket
Hi,
Is it possible to have different keys per bucket.
We would like to limit access to buckets with different access keys and secrets so that other people cannot see specific buckets?
27 Answers
Thanks for the feedback. This is something we are looking at. The limitation is unfortunately on the key-based permission support on the Ceph side but we are looking at other ways to mitigate this problem.
I would certainly like the same. As it stands, if one set of keys were compromised, they would gain access to every Space.
I just started playing with spaces today and after creating my first key and moving some data I came to the same question. Is there anything in the works to tie a specific key to a specific 'space' or 'bucket'? Is there already a way to do this and I'm not finding it? Thank you.
Yes, this is a feature that should be implemented, both for security like @jonny5alive states, but also for using a single DO account with multiple projects / customers.
We, as services provider, are in a process of migrating most of our infrastructure on to digital ocean (from ovh, google cloud and scale way). We do host external backup in the cloud. For this purpose and to be compliant with the GDPR law, we must set different access for each buckets, the data of a client should not be accessible in any way with the key of another one.
I’m pretty sure CEPH can allow this kind of policy. Anyway, this absence of security is slowing our migration. Any info from the DO team ?
+1... seriously, prioritize this one. Completely ridiculous. I'm not creating completely different DO accounts just to get proper security isolation.
I think it has more factors on your platform.
Many other companys can do it also with Ceph without issues.
So ita possible. But depends on how you implement it :)
We need unique keys for different spaces. When this feature is added I can migrate from s3 to spaces. :)
Assign different accesskeys at bucket level is a must have feature ... If not how to acomplish the following scenario:
- One Bucket to be used to store private HOME files.
- One bucket to store files for WORK
- One bucket to be used as the unlimited file storage through Nextcloud.
- One bucket devoted to store daily backups of the MAIL server & the WEB apps. server.
The target is to have all of them issolated to each other but, as far as I can see, currently, there is no way to assign a different AccessKeys to each one as all accesskey have same priviledges and can be used to see/ access all the mentioned buckets content at once.
- Please, DO what do you suggest to acomplish the described scenario now?
Having all buckets accessible to all users it's not an option at our company as well, we need to have some sort of isolation per bucket (or group of buckets, but I would already be happy if it was just per bucket).
Is there any news here? Can this be solved by creating teams, and basically putting each project, space and API key in a team? I hope there will be some news here soon. Otherwise, I would need to create one DO account per project, which would be very cumbersome.
-
Has anyone tried this team solution? It's cumbersome, but could work on a small scale.
Have another answer? Share your knowledge.
what is the status for this.. when is it going to be ready ? i need to store some static assets for an application in one bucket , which should not be modified by any one and another bucket where the application loads some files. The current setup will not allow me to do that.
@pchakravarthi some news?
This issue is exactly why Spaces can't work for us, and we are staying on AWS S3.
@pchakravarthi care for an update?
DO, this is a must have for us.
We really need this feature.
Can you give an update?.
Regards.
Here is posted in the ideas page.
Let's vote it up and comment.