Server-Side Encryption with Client-Managed Keys

markh · November 25, 2023, 5:03pm

Hi!

I’m very happily using TagSpaces Web with minio, both self-hosted on a single NAS. I’m now looking for a way to encrypt the TagSpaces data at rest on the NAS.

MinIO SSE-C supports client-driven encryption of objects before writing the object to the drive, i.e. by using a key provided by the client. It is functionally compatible with Amazon Server-Side Encryption with Customer-Provided Keys and seems ideal for securing a typical TagSpaces Web installation?

https://min.io/docs/minio/kubernetes/gke/administration/server-side-encryption/server-side-encryption-sse-c.html#

Could this be implemented in Tag Spaces? The key could be supplied by the user, stored with the Tag Spaces Location and then used in every request to the server?

Thanks for considering.

ilian · November 26, 2023, 8:03pm

This is a very good idea, thanks for suggesting it! Since TagSpaces is an open source project we are accepting pull requests, in case someone is willing to contribute this feature…

markh · November 28, 2023, 8:57am

Thanks. I can’t offer coding at the moment. But I’d be very willing to help with testing if anyone can provide the code …

Topic		Replies	Views
Web app to tag local files General	2	173	November 6, 2023
Configure Location for TagSpaces Lite Web Help	4	589	March 25, 2024
TagSpaces with WebDAV Feature requests	1	162	November 5, 2023
Future of Docker support for TagSpaces Web General	3	44	September 9, 2024
Deployment Issues with TagSpaces Web - Seeking Assistance General	18	165	December 8, 2023

Server-Side Encryption with Client-Managed Keys

Related topics