Closed sunilshahi closed 2 years ago
AmazonS3EncryptionClientV2 requires explicit config for SecuityProfile which is not possible with plain .AddAWSService
call.
However, you don't need to hard-code the credentials. You can use ServiceCollectionServiceExtensions.AddTransient Method extension method to inject the AmazonS3EncryptionClientV2 client.
services.AddDefaultAWSOptions(Configuration.GetAWSOptions());
services.AddTransient<IAmazonS3, AmazonS3EncryptionClientV2>(provider =>
{
var materials = new EncryptionMaterialsV2("my-kms-key", KmsType.KmsContext, new Dictionary<string, string>());
var config = new AmazonS3CryptoConfigurationV2(SecurityProfile.V2);
return new AmazonS3EncryptionClientV2(config, materials);
});
S3 SDK will follow the normal credential resolution process. Tester
class code will work without any change.
btw, you don't need AWSSDK.S3
explcitly to use AmazonS3EncryptionClientV2
. AWSSDK.S3 will automatically be pulled as transitive dependency.
We were doing S3 client side encryption (AWS KMS + Context) with code that looks like this.
This is working fine. However, we want to use Amazon.Extensions.NETCore.Setup and not save accessKey and secretKey in our config files like mentioned here.
for example. I can do this if I do not need client side encryption.
But how to do this if I need client side encryption using AmazonS3EncryptionClientV2? Is this possible?
Environment
Running in windows 10 with dot net core 3.1. This is my csproj file.