Re: Storage objects readable by allUsers in Cloud ...

JensAlsted · 12-09-2021 04:44 AM

Hello
Im setting up a Rails project with cloud storage. Google has a handy guide (https://cloud.google.com/ruby/rails/run#objectives) that works. No problems.

Im wondering about the part of: "After creating a bucket, to make the uploaded images public, change the permissions of image objects to be readable by everyone." using "gsutil iam ch allUsers:objectViewer".

Is this secure operation? If no, what guidance is there available to make this more secure.

Thanks
Jens

Horace

Hello,

Cloud Storage secures data by default with rich security controls and the ability to audit as needed. Cloud Storage uses server-side encryption to encrypt your data by default. You can also use supplemental data encryption options such as customer-managed encryption keys and customer-supplied encryption keys [1]. Additionally, kindly check the following resources with regards to best practices for securing your data on Cloud Storage.

With the gsutil command itself, it is a secure command and performs all operations using transport-layer encryption (HTTPS), to protect against data leakage over shared network links [3].

Hope this answers your question.

Regards

[1] https://cloud.google.com/storage/docs/introduction#securing_your_data
[2] https://cloud.google.com/storage/docs/best-practices#security
[3] https://cloud.google.com/storage/docs/gsutil/addlhelp/SecurityandPrivacyConsiderations#transport-lay...

Storage objects readable by allUsers in Cloud Rails guide