search

craftcms / aws-s3

Amazon S3 volume type for Craft CMS.
https://plugins.craftcms.com/aws-s3
MIT License
61 stars 28 forks source link

Ability to use server side encryption #154

Closed cdenneen closed 8 months ago

cdenneen commented 2 years ago

Leverage the S3Client configuration to GetObject/PutObject allowing default AES256 encrytion or KMS.

For AES256 just requires additional parameter to objects for ServerSideEncryption to be passed:

$s3 = new S3Client([
    'version' => 'latest',
    'region'  => 'us-east-1'
]);

// Upload a file with server-side encryption.
$result = $s3->putObject([
    'Bucket'               => $bucket,
    'Key'                  => $keyname,
    'SourceFile'           => $filepath,
    'ServerSideEncryption' => 'AES256',
]);
timkelty commented 8 months ago

@cdenneen FWIW, as of January 5, 2023, all s3 uploaded objects are encrypted with AES256 by default, even if the ServerSideEncryption param isn't passed.

timkelty commented 8 months ago

@cdenneen As of 2.2.0, 'ServerSideEncryption' => 'AES256' is now sent by default, as this aligns with S3 defaults. See: https://github.com/craftcms/aws-s3/pull/174