maxmustermann/minio
1
0
Fork 0
Code Issues Pull requests Projects Releases Wiki Activity

update docs to remove _OLD credential references

Browse source 
also update the docs about config, IAM on encryption.
This commit is contained in:
Harshavardhana 2021-05-04 10:06:16 -07:00
parent c8aa56ccd7
commit 804a23a06d
2 changed files with 1 additions and 24 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

5
cmd/config/errors.go
View file

@ -120,11 +120,6 @@ var (
"Please check the passed value",
"MINIO_CACHE_AFTER cannot be used with MINIO_CACHE_COMMIT setting",
)
ErrInvalidRotatingCredentialsBackendEncrypted = newErrFn(
"Invalid rotating credentials",
"Please set correct rotating credentials in the environment for decryption",
`Detected encrypted config backend, correct old access and secret keys should be specified via environment variables MINIO_ROOT_USER_OLD and MINIO_ROOT_PASSWORD_OLD to be able to re-encrypt the MinIO config, user IAM and policies with new credentials`,
)
ErrInvalidCredentialsBackendEncrypted = newErrFn(
"Invalid credentials",

20
docs/config/README.md
View file

@ -12,7 +12,7 @@ Additionally `--config-dir` is now a legacy option which will is scheduled for r
minio server /data
```
MinIO also encrypts all the config, IAM and policies content with admin credentials.
MinIO also encrypts all the config, IAM and policies content if KMS is configured. Please refer to how to encrypt your config and IAM credentials [here](https://github.com/minio/minio/blob/master/docs/kms/IAM.md)
### Certificate Directory
@ -40,24 +40,6 @@ export MINIO_ROOT_PASSWORD=minio13
minio server /data
```
##### Rotating encryption with new credentials
Additionally if you wish to change the admin credentials, then MinIO will automatically detect this and re-encrypt with new credentials as shown below. For one time only special ENVs as shown below needs to be set for rotating the encryption config.
> Old ENVs are never remembered in memory and are destroyed right after they are used to migrate your existing content with new credentials. You are safe to remove them after the server as successfully started, by restarting the services once again.
```sh
export MINIO_ROOT_USER=newminio
export MINIO_ROOT_PASSWORD=newminio123
export MINIO_ROOT_USER_OLD=minio
export MINIO_ROOT_PASSWORD_OLD=minio123
minio server /data
```
Once the migration is complete, server will automatically unset the `MINIO_ROOT_USER_OLD` and `MINIO_ROOT_PASSWORD_OLD` with in the process namespace.
> **NOTE: Make sure to remove `MINIO_ROOT_USER_OLD` and `MINIO_ROOT_PASSWORD_OLD` in scripts or service files before next service restarts of the server to avoid double encryption of your existing contents.**
#### Region
```
KEY: