<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
</head>
<body>
<p>Hi Laura,<br>
</p>
<div class="moz-cite-prefix">On 9/7/23 14:48, Laura Smith via
Pdns-users wrote:<br>
</div>
<blockquote type="cite"
cite="mid:WKCA1Si0AkW8nYaox3IdCVka4-LwOxnTbKhyuJ4W-_NNEnlXwgNy_smyi0yqy0NQvwDHgS9PSgr5tNwEv1xbHEoQvqhh33u8g-u7pV88IY4=@protonmail.ch">
<div style="font-family: Arial, sans-serif; font-size: 14px;">PDNS
with Lightning Stream LMDB looks like a welcome addition but
having briefly glanced over the docs, I cannot see any
client-side encryption settings, not even the option to use CMK
on S3 blobs.</div>
<div style="font-family: Arial, sans-serif; font-size: 14px;"><br>
</div>
<div style="font-family: Arial, sans-serif; font-size: 14px;">Are
there eventual plans for adding encryption capabilities to
Lightning Stream?</div>
<div style="font-family: Arial, sans-serif; font-size: 14px;"><br>
</div>
<div style="font-family: Arial, sans-serif; font-size: 14px;">In
addition, it would be nice to see the S3 connector be enhanced
to support more authentication options such as:</div>
<div style="font-family: Arial, sans-serif; font-size: 14px;"><br>
</div>
<div style="font-family: Arial, sans-serif; font-size: 14px;">
<ul>
<li><span>Use of AWS roles</span></li>
<li><span>Use of <span>AWS Security Token Service (AWS STS)</span></span></li>
<li><span><span>Use of X.509 certs (<span>IAM Roles Anywhere)</span></span></span></li>
</ul>
<div><span><span><span><br>
</span></span></span></div>
<div><span><span><span>Whilst there will clearly still be many
people out there only using Access Key + Secret Key,
environments with a hardened security posture need some
extra knobs and dials.</span></span></span></div>
</div>
</blockquote>
<p>Bear in mind the implementation is not specific to AWS S3 - I
tested Lightning Stream against Backblaze B2 and it works
perfectly.</p>
<p>-- <br>
Nico<br>
</p>
</body>
</html>