Project

General

Profile

Actions

Idea #16809

closed

[keep-web] Check V4 signature on S3 requests, don't require sending entire Arvados token as AccessKey

Added by Tom Clegg over 4 years ago. Updated about 4 years ago.

Status:
Resolved
Priority:
Normal
Assigned To:
Category:
Keep
Target version:
Start date:
09/22/2020
Due date:
Story points:
-
Release relationship:
Auto

Description

If a client has Arvados V2 token "v2/zzzzz-gj3su-077z32aux8dg2s1/3kg6k6lzmp9kj5cpkcoxie963cmvjahbt2fod9zru30k1jqdmi" it should be able to use the S3 API with

This avoids revealing the secret key to a remote host in case of a misconfigured endpoint, etc., and aligns better with S3 clients' expectation that AccessKey does not need to be protected as a sensitive secret.

(Currently, the client has to send the secret part of the token as AccessKey.)


Subtasks 1 (0 open1 closed)

Task #16824: Review 16809-s3-v4-signatureResolvedTom Clegg09/22/2020Actions

Related issues 1 (0 open1 closed)

Related to Arvados Epics - Idea #16360: Keep-web supports S3 compatible interfaceResolved07/01/202004/30/2021Actions
Actions

Also available in: Atom PDF