Handle aws key expiration #446
Comments
|
Not sure this is possible directly, maybe with playing around with custom signing method where you'd make temporary keys and sign them in client. Also, why not make the key validity longer? Or per-upload? |
|
Per-upload would be too much - we upload thousands of files. And there is no control over validity time. |
Do you agree that setting the |
|
I see.. I am not sure, PRs welcome :) |
|
@jakubzitny is it possible to handle this situation if we use |
|
Yes, but that requires signing on client where you'd need a secret. We do it with temporary secrets that backend sends to client only for specific time, iam and location on s3. Or you can do extra request to you signing backend custom url, but you could do that with |
|
@jakubzitny could you share some code with us how you do the signing on the client? How do you deal with the situation when the temporary credentials expire while there are still files in the upload queue? |
|
I shared something here: #402 (comment) And we don't do that. We have separate credentials for each upload and if something fails or takes a long time we create a new credentials and start over. |
In case
aws_keyis only valid for 1 hour, how should I handle the situation when the upload process has been started with Evaporate#add using one accessKey, but URL was signed with a different key?In
signResponseHandlerI have both signed URL and an access key it was signed with. But according to the Evaporate#add source code there is no way to updatefileUploadconfiguration.The text was updated successfully, but these errors were encountered: