Installation method: FTP onto Shared Web Host (no SSL) nginx
Are you using CloudfIare, mod_security, or similar? (Yes / No)
do not know
Issue:
Sorry (I am new to NC) but have been working hard on figuring this encryption problem out. ChatGPT can only do so much…
I am not sure of my best work flow and available options.
I am connecting to a S3 Type External Storage Service (Wasabi) using the App “External storage” in NC.
I left the SSE-C key field empty during setup. The connection works. I notied that after saving my settings my SSE-C key field gets filled in with dummy bullet points (confusing!). The field in the table oc_external_config.keysse_c_key is still empty.
How can I specify my settings to instruct the external storage to save my data in an encrypted “at rest” state?
I do not want to enable “Server-side encryption”!
The reason I want to avoid “Server-side encryption” is: I want to use an external upload program (outside of NC) to upload straight to the S3 External Storage – because the Host is not letting me use memcache, and do not want to tax the host with that “proxy-type” task.
I am not sure, will “Server-side encryption” support differently encrypted data from outside sources?
And/Or, is there a way to isolate the External Storage to not getting encrypted data because the “Server-side encryption” is enabled?
What are my options? Another App maybe?
I am using rclone to upload the data. Non-encrypted upload (upload and on rest) works – but I could not get encrypted at rest to work "ServerSideEncryption": "AES256".
I have only limited access to the host setup (no SSL or Terminal), so could not provide more info at this point.
SSE-C is the correct parameter to have your S3 platform handle encryption for you (rather than Nextcloud itself). I’m unclear about your query: are you saying you entered an SSE-C key and it isn’t saving? (Your initial description says you left it blank so I’m a bit unclear.)
Nextcloud Server version: 30.0.2
As an aside, I would suggest making sure you’re running the latest v30 maintenance release (which is v30.0.8 at the moment).
I am sorry – my version number is not 30.0.2 but 31.0.2 (Stable release).
During the setting up of my first bucket (external storage) I left the SSE-C field empty. Using that connection works. I can upload directly to my bucked externally, not using NC but using rclone, and connect to my bucket using NC, see and download my files.
If I where to enter a value in the SSE-C field, is it AES256? And I suppose that would only really matter for when NC uploads to a S3 bucket, right? As far as I understand it has no meaning when downloading files from a S3 bucket through NC.
