Merge pull request #21380 from overleaf/jpa-s3-ssec-backend

[object-persistor] add backend for SSE-C with S3 using KEK and DEK GitOrigin-RevId: 9676f5cd5e08107c8c284b68b8d450a1c05bf1b1
2026-05-23 09:09:36 +02:00 · 2024-11-08 09:31:26 +01:00
parent 776647d62a
commit 859901ac0c
16 changed files with 926 additions and 98 deletions
--- a/services/filestore/docker-compose.yml
+++ b/services/filestore/docker-compose.yml
@@ -53,6 +53,7 @@ services:
      ENABLE_CONVERSIONS: "true"
      USE_PROM_METRICS: "true"
      AWS_S3_USER_FILES_BUCKET_NAME: fake-user-files
+      AWS_S3_USER_FILES_DEK_BUCKET_NAME: fake-user-files-dek
      AWS_S3_TEMPLATE_FILES_BUCKET_NAME: fake-template-files
      GCS_USER_FILES_BUCKET_NAME: fake-gcs-user-files
      GCS_TEMPLATE_FILES_BUCKET_NAME: fake-gcs-template-files
@@ -120,6 +121,7 @@ services:
        mc alias set s3 https://minio:9000 MINIO_ROOT_USER MINIO_ROOT_PASSWORD

        mc mb --ignore-existing s3/fake-user-files
+        mc mb --ignore-existing s3/fake-user-files-dek
        mc mb --ignore-existing s3/fake-template-files
        mc admin user add s3 \
          OVERLEAF_FILESTORE_S3_ACCESS_KEY_ID \
@@ -145,6 +147,22 @@ services:
                ],
                "Resource": "arn:aws:s3:::fake-user-files/*"
              },
+              {
+                "Effect": "Allow",
+                "Action": [
+                  "s3:ListBucket"
+                ],
+                "Resource": "arn:aws:s3:::fake-user-files-dek"
+              },
+              {
+                "Effect": "Allow",
+                "Action": [
+                  "s3:PutObject",
+                  "s3:GetObject",
+                  "s3:DeleteObject"
+                ],
+                "Resource": "arn:aws:s3:::fake-user-files-dek/*"
+              },
              {
                "Effect": "Allow",
                "Action": [