| ▲ | coldtea 2 days ago | |
>no lifecycle management of any kind - if you're using it for backups you can't set "don't delete versions for 3 months", so if anyone takes hold of your key, you backups are gone If someone gets a hold of your key, can't they also just change your backup deletion policy, even if it supported one? | ||
| ▲ | PunchyHamster 2 days ago | parent [-] | |
> If someone gets a hold of your key, can't they also just change your backup deletion policy, even if it supported one? Minio have full on ACLs so you can just create a key that can only write/read but not change any settings like that. So you just need to keep the "master key" that you use for setup away from potentially vulnerable devices, the "backup key" doesn't need those permissions. | ||