> We have a multisite Ceph configuration, with http (not https) sync endpoints. 
> Are all sync traffic in plain text?

For S3 v4 auth, there are things that "obfuscates" the login auth, but
might not be called real crypto in that sense, so if you decide to
send things in the clear, expect it to be sent in the clear, even if
it is made "hard to read".

> We have concerns about metadata. For example, when syncing a newly created 
> user and its access key and secret key from the Master zone to a secondary 
> zone, is this traffic in plain text? If so, what are options to encrypt it?

Then either choose https or wrap your traffic in any of the VPN
solutions from the last 30 years or so.
If the endpoints can't be changed to https for some reason, then
secure all the traffic just like with any other communication

May the most significant bit of your life be positive.
ceph-users mailing list -- ceph-users@ceph.io
To unsubscribe send an email to ceph-users-le...@ceph.io

Reply via email to