SSE-C support in S3 via External Storage

[xangelix]

Is your feature request related to a problem? Please describe.
SSE-C will soon be supported in primary storage.
It would be really great to be able to use this feature with external storage's implementation of S3 as well.

Describe the solution you'd like
I would like to be able to mount an S3 bucket with this option enabled in the standard settings as with any other S3 external storage configuration. Providing the option in the GUI is ideal, but not necessary for my use case--though I'm not sure if there's a way to add external mounts through nextcloud configuration files at this time.

Describe alternatives you've considered
I wrestled with various fuse implementations such as s3fs and geesefs which provide the SSE-C feature, and mounting as a local volume in external storage, but this proved a permissions nightmare and unstable in my container environment.

Additional context
None

[warrenatharrisdotnetwork]

a workaround is to use s3fs which does support sse_C. Lets not take time away from these developers with feature requests when their product is barely functional as is.

[xangelix]

fuse implementations of S3 are inherently lacking in many ways. geesefs is a gigantic improvement but fails to work with Wasabi as required in my environment. Beyond all that, even under cgroupsv2, my environment's security requirements do not support this option.

Implementing the required headers for this feature seems like a reasonable request, and one that I would be happy to place a bounty on once when/if this issue is accepted/triaged.

[icassassin]

Just to comment on using s3fs for this: this solution isn't ideal, and possibly very detrimental depending on the terms of your S3 provider. I've noticed that when I upload a file through Nextcloud it seems to make 3 different operations on the file system. My provider has a minimum time of storage, and because of that, a file upload occupies the used space equal to the file size and deleted space equal to 2*file size, which is somewhat unsustainable with such a service. What I think is happening is that when you upload a file, it stores the upload chunks on the primary drive, and then rebuilds the full file onto the s3fs, and then renames the file, and maybe does something with permissions? In any case, from my S3 provider, it looks like I've copied the file 3 times and deleted it twice, and I'm guessing for some users that's going to be a serious problem.

[asheroto]

This is supported now, yeah? Maybe this issue can be closed?

[joshtrichards]

No, it's supported for Primary Storage, not External Storage at the moment.

[lobeck]

Had a brief look at the code and it shouldn't be too hard to implement. Might take a look in the next couple of days.

[joshtrichards]

Hi @lobeck - For reference when doing the External Storage implementation, the original PRs that added SSE-C for Primary Storage are:

• [S3] Add option to specify an SSE-C customer provided key #32798
• fix(s3): Pass SSE-C parameters for multipart upload #38934
• fix(s3): add SSE-C parameters to headObject call #39629