PBM-1376 Added SSE-S3 encryption description (#201)

PBM-1376 Added SSE-S3 encryption description --------- Co-authored-by: radoslawszulgo <[email protected]>
percona · Sep 2, 2024 · 2e6bc78 · 2e6bc78
1 parent 2527dd7
commit 2e6bc78
Showing 1 changed file with 28 additions and 7 deletions.
diff --git a/docs/details/storage-configuration.md b/docs/details/storage-configuration.md
@@ -36,9 +36,21 @@ Percona Backup for MongoDB should work with other S3-compatible storages, but wa
 
 #### Server-side encryption
 
-!!! admonition "Version added: [1.3.2](../release-notes/1.3.2.md)" 
+Percona Backup for MongoDB supports [server-side encryption](../reference/glossary.md#server-side-encryption) for [S3 buckets](../reference/glossary.md#bucket) with the following encryption types:
+
+* customer-provided keys stored in AWS KMS (SSE-KMS)
+* customer-provided keys stored on the client side (SSE-C)
+* Amazon S3 managed encryption keys (SSE-S3)
+
+To learn more about each encryption type, refer to the following sections of Amazon AWS documentation:
+
+* [Using server-side encryption with Amazon S3 managed keys (SSE-S3)](https://docs.aws.amazon.com/AmazonS3/latest/userguide/UsingServerSideEncryption.html)
+* [Protecting Data Using Server-Side Encryption with CMKs Stored in AWS Key Management Service (SSE-KMS) :octicons-link-external-16:](https://docs.aws.amazon.com/AmazonS3/latest/dev/UsingKMSEncryption.html)
+* [Protecting data using server-side encryption with customer-provided encryption keys (SSE-C) :octicons-link-external-16:](https://docs.aws.amazon.com/AmazonS3/latest/userguide/ServerSideEncryptionCustomerKeys.html)
 
-Percona Backup for MongoDB supports [server-side encryption](../reference/glossary.md#server-side-encryption) for [S3 buckets](../reference/glossary.md#bucket) with customer-provided keys stored in AWS KMS (SSE-KMS).
+##### SSE-KMS encryption
+
+!!! admonition "Version added: [1.3.2](../release-notes/1.3.2.md)" 
 
 To use the SSE-KMS encryption, specify the following parameters in the Percona Backup for MongoDB configuration file: 
 
@@ -48,6 +60,8 @@ serverSideEncryption:
    sseAlgorithm: aws:kms
 ```  
 
+##### SSE-C encryption
+
 !!! admonition "Version added: [2.0.1](../release-notes/2.0.1.md)" 
 
 Percona Backup for MongoDB also supports server-side encryption with customer-provided keys that are stored on the client side (SSE-C). Percona Backup for MongoDB provides the encryption keys as part of the requests to the S3 storage. The S3 storage uses them to encrypt/decrypt the data using the `AES-256` encryption algorithm. In such a way you save on subscribing to AWS KMS services and can use the server-side encryption with the S3-compatible storage of your choice.
@@ -69,12 +83,19 @@ serverSideEncryption:
   sseCustomerKey: <your_encryption_key>
 ``` 
 
-!!! admonition "See also"
+##### SSE-S3 encryption
+
+!!! admonition "Version added: [2.6.0](../release-notes/2.6.0.md)" 
+
+Percona Backup for MongoDB supports server-side encryption with Amazon S3 managed keys (SSE-S3), the default encryption method in Amazon AWS. All new objects added to an S3 bucket are automatically encrypted without impacting performance.
+
+To use SSE-S3 encryption, specify the following parameters in the Percona Backup for the MongoDB configuration file:
+
+```yaml
+serverSideEncryption:
+   sseAlgorithm: AES256
+```  
 
-    AWS Documentation:
-
-    * [Protecting Data Using Server-Side Encryption with CMKs Stored in AWS Key Management Service (SSE-KMS) :octicons-link-external-16:](https://docs.aws.amazon.com/AmazonS3/latest/dev/UsingKMSEncryption.html)
-    * [Protecting data using server-side encryption with customer-provided encryption keys (SSE-C) :octicons-link-external-16:](https://docs.aws.amazon.com/AmazonS3/latest/userguide/ServerSideEncryptionCustomerKeys.html)
 
 #### Debug logging