[HDDS-8132] Secure S3 keys management (implementing)

Authors: Maksim Myskov, Mikhail Pochatkin
2023-03-10

Summary
Improving the security of S3 key management.

Abstract

There are problems related to the current S3 keys management:

  • Storing keys as plain text in the Ozone Manager RocksDB is insecure. An Ozone administrator can easily impersonate any user by recovering that user's keys from RocksDB.
  • The only way for a user to generate keys is to have SSH access to the Ozone cluster. Security policies can prohibit such access.
  • The key revocation process is manual, which leads to security issues.

We intend to extend Ozone S3 secret key management:

  • Support centralized remote S3 secret storage.
  • Implement an S3 gateway endpoint for getting, renewing and revoking secrets.
  • Add a TTL to secrets.

This document proposes solutions to the above issues.

Link

https://issues.apache.org/jira/secure/attachment/13057463/Secure%20S3%20keys%20management.pdf