
Configuration Credentials Keys and Encryption

Tomas Celaya edited this page Dec 29, 2017 · 3 revisions

Specifying credentials

To identify a user, the java-manta client requires at minimum a username, a private key, and a private key ID. The private key is provided to the java-http-signature library in order to authorize requests against Manta, while the key fingerprint is used to verify that the loaded key is the key expected by the user.

We'll start with an empty StandardConfigContext:

ConfigContext config = new StandardConfigContext();

When configuring the client to identify as a sub-user, remember to include the account owner as well as the sub-user, e.g. yourorganization/youruser. Let's assume we're working with a sub-user:

config.setMantaUser("yourorganization/youruser");

Supplying keys

The private key may be set in one of two ways: either as a path to the key or by providing the raw key content. The latter is less commonly used but is provided in case writing to the local filesystem is inconvenient or impossible for any reason. Specifying a path to our private key:

config.setMantaKeyPath("/home/usersvc/.ssh/id_rsa");

As described in the Getting Started guide introducing the ConfigContext classes, the private key fingerprint, or private key ID, can be acquired either from the Triton Portal or calculated locally using ssh-keygen -l -f ./path/to/manta/key. In the ssh-keygen output the fingerprint is prefixed with either SHA256: or MD5: to indicate which algorithm was used to generate it. Note that the key ID can be specified in either SHA256 or MD5 format, with or without the leading prefix.

config.setMantaKeyId("5b:7e:fd:27:2e:8c:4c:3a:0e:6e:07:24:f8:62:8c:b9");

/*
  any of the following values would also be accepted:

  "MD5:5b:7e:fd:27:2e:8c:4c:3a:0e:6e:07:24:f8:62:8c:b9"
  "V1S2/yTakPV9bZwZAiFKSpRPC1nwHEY4ylDhtwBfmaA"
  "SHA256:V1S2/yTakPV9bZwZAiFKSpRPC1nwHEY4ylDhtwBfmaA"
*/
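The sketch below is an added example, not java-manta's or java-http-signature's own code. It shows how the MD5 and SHA256 key ID forms are both derived from the same SSH public key blob, and how a configured ID in any of the four accepted spellings can be checked against a loaded key. It uses only the JDK; the class and method names (KeyIdCheck, sshBlob, md5Id, sha256Id, matches) are hypothetical, and the key is a throwaway generated in memory.

```java
import java.io.*;
import java.nio.charset.StandardCharsets;
import java.security.KeyPairGenerator;
import java.security.MessageDigest;
import java.security.interfaces.RSAPublicKey;
import java.util.Base64;
import java.util.StringJoiner;

public class KeyIdCheck {
    // SSH wire form of an RSA public key: length-prefixed "ssh-rsa", e, n.
    static byte[] sshBlob(RSAPublicKey key) throws Exception {
        ByteArrayOutputStream buf = new ByteArrayOutputStream();
        DataOutputStream out = new DataOutputStream(buf);
        byte[][] fields = {"ssh-rsa".getBytes(StandardCharsets.US_ASCII),
            key.getPublicExponent().toByteArray(), key.getModulus().toByteArray()};
        for (byte[] f : fields) { out.writeInt(f.length); out.write(f); }
        return buf.toByteArray();
    }

    // MD5 form: 16 digest bytes as colon-separated lowercase hex.
    static String md5Id(byte[] blob) throws Exception {
        StringJoiner hex = new StringJoiner(":");
        for (byte b : MessageDigest.getInstance("MD5").digest(blob)) hex.add(String.format("%02x", b));
        return hex.toString();
    }
    // SHA256 form: 32 digest bytes as base64 with the '=' padding removed.
    static String sha256Id(byte[] blob) throws Exception {
        byte[] digest = MessageDigest.getInstance("SHA-256").digest(blob);
        return Base64.getEncoder().withoutPadding().encodeToString(digest);
    }

    // True when the configured ID, in any of the four spellings, names this key.
    static boolean matches(String configuredId, byte[] blob) throws Exception {
        String id = configuredId.trim();
        if (id.startsWith("MD5:")) return id.substring(4).equalsIgnoreCase(md5Id(blob));
        if (id.startsWith("SHA256:")) return id.substring(7).equals(sha256Id(blob));
        return id.equalsIgnoreCase(md5Id(blob)) || id.equals(sha256Id(blob));
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator gen = KeyPairGenerator.getInstance("RSA");
        gen.initialize(2048);  // constructed sample: throwaway in-memory key
        byte[] blob = sshBlob((RSAPublicKey) gen.generateKeyPair().getPublic());
        String md5 = md5Id(blob), sha = sha256Id(blob);
        for (String id : new String[] {md5, "MD5:" + md5, sha, "SHA256:" + sha})
            System.out.println(id + " -> " + matches(id, blob));
        System.out.println("page sample ID (a different key) -> "
            + matches("5b:7e:fd:27:2e:8c:4c:3a:0e:6e:07:24:f8:62:8c:b9", blob));
    }
}
```

A deployment check built on the same comparison should refuse to start when the configured ID does not match the key on disk, so a swapped or stale key file is caught before any request is signed.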

Encryption keys

java-manta also provides configuration settings related to its client-side encryption features. For more information about configuring encryption, see the relevant Getting Started guide.

  • manta.client_encryption: Boolean value indicating whether or not client-side encryption is enabled, defaulting to false. The following options will be ignored if this value is false.
  • manta.encryption_key_id: String identifier for the key being used to perform encryption.
  • manta.encryption_algorithm: String identifier for the cipher to use.
  • manta.permit_unencrypted_downloads: Boolean value indicating whether or not a client with encryption enabled will allow downloading of unencrypted objects. See the section on additional settings in the Getting Started - Encryption guide for more info.
  • manta.encryption_auth_mode: Enum of Optional or Mandatory specifying whether or not to attempt to authenticate the ciphertext. See the section on additional settings in the Getting Started - Encryption guide for more info.
  • manta.encryption_key_path: Path to a file containing the secret key to use for client-side encryption (not base64-encoded). Typically specifies a file generated by the generate-key command of java-manta-cli.
  • manta.encryption_key_bytes: Raw byte array corresponding to SecretKey#getEncoded.
  • manta.encryption_key_bytes_base64: Base64-encoded version of manta.encryption_key_bytes. May be specified through either a system property or the MANTA_ENCRYPTION_KEY_BYTES environment variable.

Appendix