Discussions related to using object storage as a backup target.
Post Reply
Ejdesgaard
Enthusiast
Posts: 43
Liked: 8 times
Joined: Aug 24, 2012 11:59 am
Contact:

V10: Feature question - S3 MFA-Delete

Post by Ejdesgaard »

Red Hat Ceph Storage release notes state the following:

Support for S3 MFA-Delete
With this release, the Ceph Object Gateway supports S3 MFA-Delete using Time-Based One-Time Password (TOTP) one-time passwords as an authentication factor. This feature adds security against inappropriate data removal. You can configure buckets to require a TOTP one-time token in addition to standard S3 authentication to delete data.

The related RH BZ is: https://bugzilla.redhat.com/show_bug.cgi?id=1397212

I have not read anything about support for this in the v10 draft doc's for S3.

Will it be supported in V10 ?

Amazon ref's:
https://docs.aws.amazon.com/AmazonS3/la ... elete.html
https://aws.amazon.com/iam/features/mfa/?audit=2019q1
Gostev
Chief Product Officer
Posts: 31773
Liked: 7274 times
Joined: Jan 01, 2006 1:01 am
Location: Baar, Switzerland
Contact:

Re: V10: Feature question - S3 MFA-Delete

Post by Gostev »

No, it's not supported - nor it can be supported, because we do need the ability to delete objects in a fully automated fashion (without TOTP) for the backup retention policy to work. In other words, we need to be able to delete older backups outside of your retention policy automatically. Thanks!
Post Reply

Who is online

Users browsing this forum: No registered users and 20 guests