[HDDS-8132] Secure S3 keys management (implementing)
Authors: Maksim Myskov, Mikhail Pochatkin
2023-03-10
Summary
Improving security regarding s3 keys management
Abstract
There are problems related to the current S3 keys management:
- Storing keys as plain text in Ozone Manager rocksdb is insecure. An ozone administrator can easily impersonate any user by recovering his keys from rocksdb.
- The only way for a user to generate keys is to have SSH access to the Ozone cluster. Security policies can also prohibit this.
- Keys revocation process is manual which leads to security issues.
We intend to extend Ozone S3 secret key management:
- Support centralized remote S3 secret storage.
- Implement S3 gateway endpoint for getting, renewing and revoking secrets.
- Add TTL to secrets.
This document proposes solutions to the above issues.
Link
https://issues.apache.org/jira/secure/attachment/13057463/Secure%20S3%20keys%20management.pdf