aboutsummaryrefslogtreecommitdiff
path: root/weed/s3api/s3_constants/header.go
diff options
context:
space:
mode:
Diffstat (limited to 'weed/s3api/s3_constants/header.go')
-rw-r--r--weed/s3api/s3_constants/header.go31
1 files changed, 31 insertions, 0 deletions
diff --git a/weed/s3api/s3_constants/header.go b/weed/s3api/s3_constants/header.go
index f291c8c45..a2d79d83c 100644
--- a/weed/s3api/s3_constants/header.go
+++ b/weed/s3api/s3_constants/header.go
@@ -71,12 +71,43 @@ const (
AmzServerSideEncryptionCustomerKeyMD5 = "X-Amz-Server-Side-Encryption-Customer-Key-MD5"
AmzServerSideEncryptionContext = "X-Amz-Server-Side-Encryption-Context"
+ // S3 Server-Side Encryption with KMS (SSE-KMS)
+ AmzServerSideEncryption = "X-Amz-Server-Side-Encryption"
+ AmzServerSideEncryptionAwsKmsKeyId = "X-Amz-Server-Side-Encryption-Aws-Kms-Key-Id"
+ AmzServerSideEncryptionBucketKeyEnabled = "X-Amz-Server-Side-Encryption-Bucket-Key-Enabled"
+
// S3 SSE-C copy source headers
AmzCopySourceServerSideEncryptionCustomerAlgorithm = "X-Amz-Copy-Source-Server-Side-Encryption-Customer-Algorithm"
AmzCopySourceServerSideEncryptionCustomerKey = "X-Amz-Copy-Source-Server-Side-Encryption-Customer-Key"
AmzCopySourceServerSideEncryptionCustomerKeyMD5 = "X-Amz-Copy-Source-Server-Side-Encryption-Customer-Key-MD5"
)
+// Metadata keys for internal storage
+const (
+ // SSE-KMS metadata keys
+ AmzEncryptedDataKey = "x-amz-encrypted-data-key"
+ AmzEncryptionContextMeta = "x-amz-encryption-context"
+
+ // SeaweedFS internal metadata keys for encryption (prefixed to avoid automatic HTTP header conversion)
+ SeaweedFSSSEKMSKey = "x-seaweedfs-sse-kms-key" // Key for storing serialized SSE-KMS metadata
+ SeaweedFSSSES3Key = "x-seaweedfs-sse-s3-key" // Key for storing serialized SSE-S3 metadata
+ SeaweedFSSSEIV = "x-seaweedfs-sse-c-iv" // Key for storing SSE-C IV
+
+ // Multipart upload metadata keys for SSE-KMS (consistent with internal metadata key pattern)
+ SeaweedFSSSEKMSKeyID = "x-seaweedfs-sse-kms-key-id" // Key ID for multipart upload SSE-KMS inheritance
+ SeaweedFSSSEKMSEncryption = "x-seaweedfs-sse-kms-encryption" // Encryption type for multipart upload SSE-KMS inheritance
+ SeaweedFSSSEKMSBucketKeyEnabled = "x-seaweedfs-sse-kms-bucket-key-enabled" // Bucket key setting for multipart upload SSE-KMS inheritance
+ SeaweedFSSSEKMSEncryptionContext = "x-seaweedfs-sse-kms-encryption-context" // Encryption context for multipart upload SSE-KMS inheritance
+ SeaweedFSSSEKMSBaseIV = "x-seaweedfs-sse-kms-base-iv" // Base IV for multipart upload SSE-KMS (for IV offset calculation)
+)
+
+// SeaweedFS internal headers for filer communication
+const (
+ SeaweedFSSSEKMSKeyHeader = "X-SeaweedFS-SSE-KMS-Key" // Header for passing SSE-KMS metadata to filer
+ SeaweedFSSSEIVHeader = "X-SeaweedFS-SSE-IV" // Header for passing SSE-C IV to filer (SSE-C only)
+ SeaweedFSSSEKMSBaseIVHeader = "X-SeaweedFS-SSE-KMS-Base-IV" // Header for passing base IV for multipart SSE-KMS
+)
+
// Non-Standard S3 HTTP request constants
const (
AmzIdentityId = "s3-identity-id"
generated by cgit v1.2.3 (git 2.25.1) at 2025-12-20 23:38:51 +0000