I have set up a Minio server, a KES server and a KMS hashicorp vault server so that I can encrypt the data stored on Minio, but I cannot find out in detail how Minio works with vault.
The servers communicate with each other using a TLS certificate but I haven't found what the data does, does it arrive and then it is encrypted?
I also wonder if we can encrypt things other than buckets in Minio?
And finally I ask myself the question regarding the encryption keys, when I change the encryption key on the bucket, does it decrypt the data then encrypt it again with the new keys or is something else happening?
I have set up the three servers with the different certificates, and it work great but I need more information about how this work.
I tried to find informations about this but there is no good documentation on how it truly work.