Posted to notifications@james.apache.org by bt...@apache.org on 2021/04/02 01:34:32 UTC

[james-project] 05/08: JAMES-3524 Configuration should help setting up AES encryption

This is an automated email from the ASF dual-hosted git repository.

btellier pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/james-project.git

commit 925b0d5fee9cc621a5257b303b289d82f6358533
Author: Benoit Tellier <bt...@linagora.com>
AuthorDate: Fri Mar 26 15:16:39 2021 +0700

    JAMES-3524 Configuration should help setting up AES encryption
---
 .../destination/conf/blob.properties                       | 14 +++++++++++++-
 .../cassandra-rabbitmq/destination/conf/blob.properties    | 14 +++++++++++++-
 2 files changed, 26 insertions(+), 2 deletions(-)

diff --git a/dockerfiles/run/guice/cassandra-rabbitmq-ldap/destination/conf/blob.properties b/dockerfiles/run/guice/cassandra-rabbitmq-ldap/destination/conf/blob.properties
index c70b3c7..2e06135 100644
--- a/dockerfiles/run/guice/cassandra-rabbitmq-ldap/destination/conf/blob.properties
+++ b/dockerfiles/run/guice/cassandra-rabbitmq-ldap/destination/conf/blob.properties
@@ -5,13 +5,25 @@
 # Mandatory, allowed values are: cassandra, s3
 implementation=s3
 
-# ========================================= ObjectStorage deduplication ========================================
+# ========================================= Deduplication ========================================
 # If you choose to enable deduplication, the mails with the same content will be stored only once.
 # Warning: Once this feature is enabled, there is no turning back as turning it off will lead to the deletion of all
 # the mails sharing the same content once one is deleted.
 # Mandatory, Allowed values are: true, false
 deduplication.enable=false
 
+# ========================================= Encryption ========================================
+# If you choose to enable encryption, the blob content will be encrypted before storing them in the BlobStore.
+# Warning: Once this feature is enabled, there is no turning back as turning it off will lead to all content being
+# encrypted. This comes at a performance impact but presents you from leaking data if, for instance the third party
+# offering you a S3 service is compromised.
+# Optional, Allowed values are: true, false, defaults to false
+encryption.aes.enable=false
+
+# Mandatory (if AES encryption is enabled) salt and password. Salt needs to be an hexadecimal encoded string
+#encryption.aes.password=xxx
+#encryption.aes.salt=73616c7479
+
 # ========================================= Cassandra BlobStore Cache ======================================
 # A cassandra cache can be enabled to reduce latency when reading small blobs frequently
 # A dedicated keyspace with a replication factor of one is then used
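Review bot: The commented-out examples `#encryption.aes.password=xxx` and `#encryption.aes.salt=73616c7479` are easy to uncomment and deploy unchanged, and the sample salt is just the ASCII string "salty" in hex, so every installation copying this template would presumably derive its key from the same inputs. The comment above them should say that both values must be generated per deployment and backed up, for example `# Use a long random password and a random hex salt unique to this deployment; keep a copy of both.` Since the password is stored in clear text in this file, it is also worth a line telling operators to restrict read access to blob.properties. The same three lines are added in the cassandra-rabbitmq/destination/conf/blob.properties hunk.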
diff --git a/dockerfiles/run/guice/cassandra-rabbitmq/destination/conf/blob.properties b/dockerfiles/run/guice/cassandra-rabbitmq/destination/conf/blob.properties
index 1797038..481ef70 100644
--- a/dockerfiles/run/guice/cassandra-rabbitmq/destination/conf/blob.properties
+++ b/dockerfiles/run/guice/cassandra-rabbitmq/destination/conf/blob.properties
@@ -5,13 +5,25 @@
 # Mandatory, allowed values are: cassandra, s3
 implementation=s3
 
-# ========================================= ObjectStorage deduplication ========================================
+# ========================================= Deduplication ========================================
 # If you choose to enable deduplication, the mails with the same content will be stored only once.
 # Warning: Once this feature is enabled, there is no turning back as turning it off will lead to the deletion of all
 # the mails sharing the same content once one is deleted.
 # Mandatory, Allowed values are: true, false
 deduplication.enable=false
 
+# ========================================= Encryption ========================================
+# If you choose to enable encryption, the blob content will be encrypted before storing them in the BlobStore.
+# Warning: Once this feature is enabled, there is no turning back as turning it off will lead to all content being
+# encrypted. This comes at a performance impact but presents you from leaking data if, for instance the third party
+# offering you a S3 service is compromised.
+# Optional, Allowed values are: true, false, defaults to false
+encryption.aes.enable=false
+
+# Mandatory (if AES encryption is enabled) salt and password. Salt needs to be an hexadecimal encoded string
+#encryption.aes.password=xxx
+#encryption.aes.salt=73616c7479
+
 # ========================================= Cassandra BlobStore Cache ======================================
 # A cassandra cache can be enabled to reduce latency when reading small blobs frequently
 # A dedicated keyspace with a replication factor of one is then used
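Review bot: The warning in the added Encryption section says that turning the feature off "will lead to all content being encrypted", which reads as the opposite of the risk an operator has to weigh. Presumably the intent is that blobs already written encrypted can no longer be read once `encryption.aes.enable` is set back to false (or once the password or salt changes); if so, suggest `# Warning: Once this feature is enabled, there is no turning back as turning it off will leave all previously encrypted content unreadable.` The following line also has `presents you from leaking data` where `prevents` is meant. The same wording appears in the cassandra-rabbitmq-ldap hunk.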
