Chef Ideas

We believe that the best way to build software is to do it in close collaboration with the people who use it. We invite you to submit your ideas using the form below. Please be sure to include the problem for which you are solving and the benefits of implementing the idea.

We do our best to implement as many Ideas as we can. Our Product team will evaluate all submitted ideas in a timely manner and will disposition each into one of the following categories: will integrate into the product roadmap, further research is needed, unlikely to implement.

Thanks for collaborating with us!

S3 backups should support KMS encryption

Many enterprises have security standards around s3 buckets including requiring encryption.  Currently, Chef A2 backup to S3 does not allow for this.  

# this fails when kms encryption is enabled
chef-automate backup create

# likewise, this aws s3 command fails
aws s3 cp /tmp/hi.txt s3://acme-chefautomate/ 

# while this one, with just one simple '--flag option' added, succeeds
aws s3 cp /tmp/hi.txt s3://acme-chefautomate/ --sse aws:kms

Please consider adding at least the equivalent of an option for "--sse aws:kms" to the s3 backup config settings.  Feels like this should be a very low hanging fruit thing to do.

  • Steven ONeill
  • Feb 20 2020
  • Currently Declined
  • Attach files