You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Here are some things you can do with Gists in GistBox.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Management APIs implement remote administrative operations over HTTP/REST. This guide is intended for SDK developers of package like madmin. If you are an enduser please take a look at mc admin CLI interface.
Authentication
All requests should be signed using AWS Signature Version V4
FEEDBACK: We can use simpler JSON webtoken for Auth just like how minio-browser does. Tokens are a standard way of auth for REST APIs.
Bucket policy is an access policy available for you to grant anonymous permissions to your Minio resources. Bucket policy uses JSON-based access policy language.
This section presents a few examples of typical use cases for bucket policies. The policies use testbucket strings in the resource value. To test these policies, you need to replace these strings with your bucket name. For more information please read Amazon S3 access policy language
Granting Read-Only Permission to an Anonymous User
The following example policy grants the s3:GetObject permission to any public anonymous users. This permission allows anyone to read the object data under testbucket, which is useful for when you have publicly readable assets. A typical example is a website assets stored in testbucket.
SSE-C - client provides data encryption key for every get/put object calls. AWS S3 does not store client provided data encryption key. Client provided data encryption key may be generated by AWS KMS for every get/put object calls. It is user responsibility to securely save/map data encryption keys generated by KMS and AWS S3 does not store any data encryption key.
SSE-S3 - client does not provide any encryption key for any get/put object calls. AWS S3 uses one single key (generated at first time) to encrypt/decrypt objects. Accordingly AWS docs, this key is stored along with object data.
SSE-KMS - client provides Customer Master Key (CMK) for any get/put object calls. AWS S3 uses client's provided CMK to generate data keys using KMS to encrypt/decrypt objects. This data key is encrypted using KMS and is stored along with object data.