-
Notifications
You must be signed in to change notification settings - Fork 206
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Handle aws key expiration #446
Comments
Not sure this is possible directly, maybe with playing around with custom signing method where you'd make temporary keys and sign them in client. Also, why not make the key validity longer? Or per-upload? |
Per-upload would be too much - we upload thousands of files. And there is no control over validity time. |
Do you agree that setting the |
I see.. I am not sure, PRs welcome :) |
@jakubzitny is it possible to handle this situation if we use |
Yes, but that requires signing on client where you'd need a secret. We do it with temporary secrets that backend sends to client only for specific time, iam and location on s3. Or you can do extra request to you signing backend custom url, but you could do that with |
@jakubzitny could you share some code with us how you do the signing on the client? How do you deal with the situation when the temporary credentials expire while there are still files in the upload queue? |
I shared something here: #402 (comment) And we don't do that. We have separate credentials for each upload and if something fails or takes a long time we create a new credentials and start over. |
In case
aws_key
is only valid for 1 hour, how should I handle the situation when the upload process has been started with Evaporate#add using one accessKey, but URL was signed with a different key?In
signResponseHandler
I have both signed URL and an access key it was signed with. But according to the Evaporate#add source code there is no way to updatefileUpload
configuration.The text was updated successfully, but these errors were encountered: