For ObjectiveFS release 7.0 and newer, please refer to this guide.
ObjectiveFS provides client-side encryption, which encrypts the data on your server before it is sent to the object store. The data stays encrypted in transit and at rest. The client-side encryption is always enabled.
For enterprise users, ObjectiveFS also supports server-side encryption on AWS using Amazon S3-managed encryption keys (SSE-S3) and AWS KMS-managed encryption keys (SSE-KMS). This guide describes how to set up ObjectiveFS to run with AMS KMS.
Install stunnel
$ yum install stunnel
Edit /etc/stunnel/stunnel.conf with the following 4 lines:
[s3]
client=yes
accept=localhost:<port> ## e.g. localhost:8086
connect=<endpoint>:443 ## e.g. s3.us-west-1.amazonaws.com:443
For list of endpoints, see here
Run stunnel on your command line (or using your init tools)
$ stunnel
In /etc/objectivefs.env, create a file named AWS_SERVER_SIDE_ENCRYPTION
with content as:
aws:kms
(if using the default KMS key)
$ cat /etc/objectivefs.env/AWS_SERVER_SIDE_ENCRYPTION
aws:kms
<your kms key>
(if using a specific KMS key, e.g. arn:aws:kms:12345/6789
)
$ cat /etc/objectivefs.env/AWS_SERVER_SIDE_ENCRYPTION
arn:aws:kms:12345/6789
In /etc/objectivefs.env, create a file named http_proxy
with content as http://localhost:<port>
(e.g. http://localhost:8086)
Create a filesystem (one-time only) and mount the filesystem as usual
$ sudo mount.objectivefs create mybucket
$ sudo mount.objectivefs mybucket /ofs
by ObjectiveFS staff, September 18, 2022
ObjectiveFS is a shared file system for OS X and Linux that automatically scales and gives you scalable cloud storage.
If you have questions or article idea suggestions, please email us at support@objectivefs.com