From 6e35a3b3ce052284a50372f13b53b3706cf37569 Mon Sep 17 00:00:00 2001
From: "Justin R. Wilson"
Date: Tue, 14 Jun 2016 15:22:54 -0500
Subject: [PATCH] Add AES256 server-side encryption for s3 - Fixes #491

Add a configuration key and support for AES256 server-side encryption.
---
 docs/content/s3.md | 7 +++++++
 s3/s3.go | 15 +++++++++++++++
 2 files changed, 22 insertions(+)

diff --git a/docs/content/s3.md b/docs/content/s3.md
index 16dd8a8e4..e66da69b5 100644
--- a/docs/content/s3.md
+++ b/docs/content/s3.md
@@ -121,6 +121,13 @@ Choose a number from below, or type in your own value
 9 / South America (Sao Paulo) Region.
 \ "sa-east-1"
 location_constraint> 1
+The server-side encryption algorithm used when storing this object in S3.
+Choose a number from below, or type in your own value
+ 1 / None
+ \ ""
+ 2 / AES256
+ \ "AES256"
+server_side_encryption>
 Remote config
 --------------------
 [remote]
diff --git a/s3/s3.go b/s3/s3.go
index 58eaef6c5..14542e822 100644
--- a/s3/s3.go
+++ b/s3/s3.go
@@ -134,6 +134,16 @@ func init() {
 Value: "sa-east-1",
 Help: "South America (Sao Paulo) Region.",
 }},
+ }, {
+ Name: "server_side_encryption",
+ Help: "The server-side encryption algorithm used when storing this object in S3.",
+ Examples: []fs.OptionExample{{
+ Value: "",
+ Help: "None",
+ }, {
+ Value: "AES256",
+ Help: "AES256",
+ }},
 }},
 })
 }
@@ -154,6 +164,7 @@ type Fs struct {
 perm string // permissions for new buckets / objects
 root string // root of the bucket - ignore all objects above this
 locationConstraint string // location constraint of new buckets
+ sse string // the type of server-side encryption
 }
 
 // Object describes a s3 object
@@ -303,6 +314,7 @@ func NewFs(name, root string) (fs.Fs, error) {
 // FIXME perm: s3.Private, // FIXME need user to specify
 root: directory,
 locationConstraint: fs.ConfigFile.MustValue(name, "location_constraint"),
+ sse: fs.ConfigFile.MustValue(name, "server_side_encryption"),
 }
 if f.root != "" {
 f.root += "/"
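Review bot: The `Help` string on the new `server_side_encryption` option in the `@@ -134,6 +134,16 @@` hunk says "this object", but the option is set once per remote and the rest of the patch applies it to every upload through that remote; `Help: "The server-side encryption algorithm used when storing objects in S3.",` reads correctly at the config prompt. The same sentence is added to docs/content/s3.md and would want the same wording. It may also be worth stating in the help that the empty default sends no encryption header, so whether objects are encrypted at rest then depends on the bucket's own settings. init() begins outside the hunk.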
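Review bot: The value read for `sse` in the `@@ -303,6 +314,7 @@` hunk is stored verbatim, and the config prompt accepts free text, so a mistyped algorithm is only discovered when an upload is rejected; an S3-compatible endpoint that ignores unknown values might even store the object unencrypted without any error. Checking the string in NewFs against the values the SDK defines (`s3.ServerSideEncryptionAes256`, `s3.ServerSideEncryptionAwsKms`) and returning an error for anything else would make a misconfiguration fail before any data is written. A short comment on the `sse` struct field noting that the empty string means "send no header" would also help. NewFs's body starts and ends outside the hunk.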
@@ -814,6 +826,9 @@ func (o *Object) Update(in io.Reader, src fs.ObjectInfo) error {
 Metadata: metadata,
 //ContentLength: &size,
 }
+ if o.fs.sse != "" {
+ req.ServerSideEncryption = &o.fs.sse
+ }
 _, err := uploader.Upload(&req)
 if err != nil {
 return err
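Review bot: Only the upload request built in `Object.Update` receives `ServerSideEncryption`, so any other call in this backend that creates objects (a server-side copy, if s3.go has one) would not carry the configured algorithm and could leave the result stored without the encryption the user asked for. The diffstat shows no other change to s3.go, so those paths are worth checking and given the same field. Separately, `&o.fs.sse` hands the SDK a pointer into the shared `Fs`; `req.ServerSideEncryption = aws.String(o.fs.sse)` would pass a copy instead, assuming the `aws` package is already imported in this file. Update's body starts and ends outside the hunk.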