Cloudflare #r2

Join Discord

kian

04/13/2022, 6:11 PM

S3 is basically the standard for cloud storage too - pretty much all providers have an S3 compatible API

Isaac McFadyen | YYZ01

04/13/2022, 6:11 PM

https://aws.amazon.com/s3/

stupefied | AS204829

04/13/2022, 6:11 PM

Vitali

04/13/2022, 6:12 PM

SSE-C is a form of encryption where you don't have to encrypt on your end and we promise we only use the keys you provide ephemerally (i.e. without the keys you provide even we can't decrypt your object)

albert

04/13/2022, 6:12 PM

Perhaps make a section for headers that are globally unsupported? Instead of writing them under each operation.

kavinplays

04/13/2022, 6:12 PM

that sounds nice

stupefied | AS204829

04/13/2022, 6:13 PM

hmm, seems interesting

kian

04/13/2022, 6:13 PM

kian

04/13/2022, 6:13 PM

was gonna see how the PR looks at the moment but it failed

kian

04/13/2022, 6:13 PM

stupefied | AS204829

04/13/2022, 6:13 PM

so it's like, cloudflare encrypts/decrypts for you but you provide the keys?

kavinplays

04/13/2022, 6:14 PM

that's an unsupported header i believe, nvm

Vitali

04/13/2022, 6:14 PM

R2 is always storing everything encrypted. SSE-C is just like an extra pinky promise

Vitali

04/13/2022, 6:14 PM

(We haven't implemented SSE-C yet)

albert

04/13/2022, 6:14 PM

and I guess it's primarily for compliance purposes?

stupefied | AS204829

04/13/2022, 6:14 PM

ahh, that makes more sense

kavinplays

04/13/2022, 6:15 PM

and privacy focused people, having extra encryption never hurts

Vitali

04/13/2022, 6:15 PM

Potentially? I haven't delved into compliance too much and there's so much security theater it makes my soul hurt

stupefied | AS204829

04/13/2022, 6:15 PM

kinda at least but i think get the gist of it

Jacob | Pages

04/13/2022, 6:15 PM

if it's really sensitive you can always encrypt before uploading 🙂

albert

04/13/2022, 6:15 PM

You're going to want to use client-side encryption for that.

Jacob | Pages

04/13/2022, 6:15 PM

Just need rclone to support R2 now 😄

Vitali

04/13/2022, 6:16 PM

What's missing?

kavinplays

04/13/2022, 6:16 PM

ik, but that's more effort than passing a header/request

Vitali

04/13/2022, 6:16 PM

But generally our encryption approach is pretty good and we're not going to go spelunking through object contents

Vitali

04/13/2022, 6:16 PM

And yes, SSE-C does provide a nice middle ground

stupefied | AS204829

04/13/2022, 6:17 PM

So I saw in the R2 dashboard that you would be able to upload from the dashboard, can you download data from buckets in the dashboard as well?

Vitali

04/13/2022, 6:17 PM

It's not there yet but yes

Vitali

04/13/2022, 6:17 PM

there are file size limitations for now but we hope to lift that by the end of the year

Jacob | Pages

04/13/2022, 6:17 PM

I don't have dashboard access yet...is R2 still Workers API or does it have S3 yet?