Document KMS policy options #1283
Labels
Comments
|
Hm - are these perhaps related to MinKMS specifically @aead ? If so we need to discuss if these envvars belong here or in the MinIO Enterprise docs, as the expectation is that MinKMS-related configs should apply only to Enterprise MinIO binary |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
These actions:
admin:KMSCreateKeyadmin:KMSKeyStatus... are documented on this page, however it's missing the kms actions from here: https://github.com/minio/pkg/blob/main/policy/kms-action.go
The MinIO server currently obeys the following:
kms:Statuskms:Metricskms:APIkms:Versionkms:CreateKeykms:ListKeyskms:KeyStatusThis PR: minio/minio#20079 added the ability for those KMS actions to be restricted by resource name (with wildcard support). There is an example policy on the PR description.
There is a bit of "overlap" of functionality here between the two "admin" kms actions and the "kms" actions, I believe they are separate API endpoints but it might be worth double checking the history of these.
This ticket is to document the kms actions and how they can be used, since these are MinIO specific.
The text was updated successfully, but these errors were encountered: