X-amz-content-sha256 Header Mismatch When Uploading Objects to Kerberos Vault

We’re encountering an authentication error while trying to upload files to Storj via the S3-compatible API from a self-hosted Kerberos Vault. The error occurs consistently during object uploads, and we’d appreciate your guidance to resolve it.

> [ERROR] POST /api/storage 400 | Header 'x-amz-content-sha256' mismatch

Endpoint: POST /api/storage (via Kerberos Vault).
When It Happens: Immediately after attempting to upload any file.

Environment

  • Storj Configuration:
    • Access Key: REDACTED
    • Secret Key: REDACTED
    • Region: global
    • Bucket: REDACTED (already created).

Have you encountered similar issues (x-amz-content-sha256 mismatch) in integrations with Kerberos Vault?
Is it possible to access request logs/debug traces for our Storj bucket?

Hello @javertiz,
Welcome to the forum!

I didn’t notice - did you specify the gateway endpoint gateway.storjshare.io in the Kerberos Vault configuration for the bucket?

Yes, but for that you need to contact sales.

Hello @javertiz,
While I am not sure, I suspect you might be encountering this issue

The team is currently working to implement STREAMING-UNSIGNED-PAYLOAD-TRAILER and STREAMING-AWS4-HMAC-SHA256-PAYLOAD-TRAILER requests.

Before this is released, can you perhaps try downgrading Kerberos Vault so that it uses AWS CLI no fresher than aws-cli/2.15.21?

Hello @Alexey
I’m sorry, I didn’t mention it. Yes, I did use `gateway.storjshare.io`.
In the “Storage Providers” configuration in Vault, I get a “Configuration is valid and working” message.

Hello @hydr
I’ll try downgrading the Vault version. Just in case, do you know what the last working Vault version is?

Thanks, guys, for the response.

I saw the issue on their GitHub, and I think the x-amz-content-sha256 header mismatch happens due to a 0-length uploaded object, and of course it would fail the check.
What is more interesting is that it gets 400 Bad Request on upload requests; I believe this is the culprit of the issue.

Could you please try to configure it as a Minio provider? You would need to enable SSL and provide the hostname gateway.storjshare.io, the Access Key and the Secret Key which you got from the Storj Console when you created S3 credentials.
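
The two explanations offered in this thread (a 0-length body arriving at the server, and a `STREAMING-*-TRAILER` mode the server does not implement yet) can be modeled side by side. This is an added example, not code from the original posts, Storj or Kerberos Vault; `check_payload_header`, `LEGACY_SENTINELS` and the sample object are hypothetical, and the legacy behaviour of treating an unknown sentinel as a literal digest is an assumption.

```python
import hashlib
import hmac

# x-amz-content-sha256 sentinel values defined by AWS Signature Version 4.
UNSIGNED = "UNSIGNED-PAYLOAD"
STREAMING_SIGNED = "STREAMING-AWS4-HMAC-SHA256-PAYLOAD"
TRAILER_MODES = frozenset({
    "STREAMING-UNSIGNED-PAYLOAD-TRAILER",
    "STREAMING-AWS4-HMAC-SHA256-PAYLOAD-TRAILER",
})
# Assumption: a server that predates the trailer modes knows only these two.
LEGACY_SENTINELS = frozenset({UNSIGNED, STREAMING_SIGNED})


def check_payload_header(header, body, known=LEGACY_SENTINELS):
    """Return (accepted, reason) as a simplified S3-compatible server would."""
    if header in known:
        if header == UNSIGNED:
            return True, "payload hash not checked"
        return True, "streaming mode: verified per chunk or trailer"
    # Anything else is treated as the hex SHA-256 of the whole received body.
    actual = hashlib.sha256(body).hexdigest()
    if hmac.compare_digest(actual.encode(), header.lower().encode()):
        return True, "hash matches"
    return False, "x-amz-content-sha256 mismatch"


def demo():
    """Run four constructed requests through the check."""
    obj = b"constructed sample object"
    declared = hashlib.sha256(obj).hexdigest()
    trailer = "STREAMING-UNSIGNED-PAYLOAD-TRAILER"
    updated = LEGACY_SENTINELS | TRAILER_MODES
    cases = [
        ("hash of body, body intact", declared, obj, LEGACY_SENTINELS),
        ("hash of body, 0 bytes received", declared, b"", LEGACY_SENTINELS),
        ("trailer mode, legacy server", trailer, obj, LEGACY_SENTINELS),
        ("trailer mode, updated server", trailer, obj, updated),
    ]
    return [(name, *check_payload_header(h, b, k)) for name, h, b, k in cases]


if __name__ == "__main__":
    for name, ok, reason in demo():
        print(f"{name:32} -> {'accept' if ok else 'reject'}: {reason}")
```

Both failure cases produce the same mismatch message, so the error text alone does not tell them apart; the value the client actually sent in `x-amz-content-sha256` and the received `Content-Length` do.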