I am trying to deploy a private docker registry in AWS, and as part of my client requirements there is a need to encrypt data a bit almost everywhere, including the blobs stored in the registry.
Despite this could be easily achieved with an EC2 instance with an EBS volume encrypted, we’d like to use an S3 bucket to take different advantages out of that.
As per documentation on the S3 backend storage other that the usual configuration I am using encrypted=true and keyid=my_key_id in a similar setup:
docker run -p 5000:5000
-e “KEYID=test-key” registry:2
What I see from the registry output as logs is the same as if I omit the 2 extra parameters and it does not seems to encrypt any data on server side.
To test that I had setup another registry on another instance pointing at the same exact bucket but WITHOUT passing the encryption key option and from this new registry I can pull without any problems any image pushed in the other (so I can conclude that no encryption is applied otherwise the second registry won’t give me any valid images that I could pull)
Have anyone else experienced this issue or know how to solve it?
Any help appreciated!!! Cheeers!!!