Commit

more feedback
derpsteb committed Oct 10, 2023
1 parent d6bd27d commit 1d456c8
Showing 2 changed files with 3 additions and 4 deletions.
2 changes: 1 addition & 1 deletion docs/docs/architecture/encrypted-storage.md
Expand Up @@ -56,7 +56,7 @@ To interact with the dm-integrity kernel module, Constellation uses [libcryptset
When enabled, the used data integrity algorithm is [HMAC](https://datatracker.ietf.org/doc/html/rfc2104) with SHA256 as the hash function.
The tag size is 32 Bytes.

# Encrypted S3 object storage
## Encrypted S3 object storage

Constellation comes with a service that you can use to transparently retrofit client-side encryption to existing applications that use S3 (AWS or compatible) for storage.
To learn more, check out the [s3proxy documentation](../workflows/s3proxy.md).
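Review bot: With the heading demoted to `## Encrypted S3 object storage`, this section now nests under whichever `#` heading precedes it, and that heading isn't visible in this hunk. The context lines directly above describe dm-integrity (HMAC with SHA256, 32-byte tag), which is a different mechanism from s3proxy's client-side encryption. Please confirm the parent heading is general enough to cover both, so readers don't assume the dm-integrity properties also apply to S3 objects.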
5 changes: 2 additions & 3 deletions docs/docs/workflows/s3proxy.md
Expand Up @@ -28,7 +28,6 @@ You can add the s3proxy to your Constellation cluster as follows:
kubectl apply -f deployment-s3proxy.yaml
```

s3proxy is now deployed.
If you want to run a demo application, check out the [Filestash with s3proxy](../getting-started/examples/filstash-s3proxy.md) example.


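Review bot: In the link on the line after the removed "s3proxy is now deployed." sentence, the path is spelled `filstash-s3proxy.md` while the link text says "Filestash". Please confirm the target file really has that name, or rename it and update the links; the same path is used again further down in this file. With the confirmation sentence gone, the section also moves straight from `kubectl apply` to the demo pointer, so a one-line instruction for checking that the s3proxy pod is ready would be a more useful replacement than nothing.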
Expand All @@ -52,7 +51,7 @@ To use s3proxy, you have to redirect your outbound S3 traffic to s3proxy.
This can either be done by modifying your client application or by changing the deployment of your application.

The necessary deployment modifications are to add DNS redirection and a trusted TLS certificate to the client's trust store.
DNS redirection can be defined for each pod, allowing you to test s3proxy for one application without changing other applications in the same cluster.
DNS redirection can be defined for each pod, allowing you to use s3proxy for one application without changing other applications in the same cluster.
Adding a trusted TLS certificate is necessary as clients communicate with s3proxy via HTTPS.
To have your client application trust s3proxy's TLS certificate, the certificate has to be added to the client's certificate trust store.
The [Filestash with s3proxy](../getting-started/examples/filstash-s3proxy.md) example shows how this is realized using an example.
The [Filestash with s3proxy](../getting-started/examples/filstash-s3proxy.md) example shows how to do this.
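Review bot: The two context sentences between the changed lines ("Adding a trusted TLS certificate is necessary ..." and "... has to be added to the client's certificate trust store") repeat what the sentence before them already says. Consider merging them and stating which certificate is meant and where the reader gets it, because the reworded last line now defers the entire procedure to the Filestash example. Since the changed line describes DNS redirection as configurable per pod, it would also help to say whether the trust-store change can be scoped to the same pods.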
