Client-side encryption

[JamesB7]

Hello,

Could you please consider supporting client-side encryption? ( https://docs.aws.amazon.com/general/latest/gr/aws_sdk_cryptography.html ) This would allow not sharing the encryption keys with Amazon.

Thank you!

James

[sqlbot]

Note that client-side encryption is not actually a feature of the S3 service itself -- it's actually a feature provided by a subset of the official AWS SDKs, none of which are used by s3fs-fuse.

[maximpichler]

Even though it's not an S3 feature, it would be very useful. Or are there other ways to do this?

[gaul]

An s3fs fork implements this:

https://github.com/hellochrisyou/S3FS_OpenSSL_RC4_MD5

However I think we should align with the AWS implementation to allow interoperability:

https://github.com/gaul/s3proxy/pull/296#issuecomment-530817114

[jopdorp]

client side encryption would be a great feature.

[rebelga]

It's a big issue for me and why I can't use this currently. Without client side encryption, my data would be too exposed. Interoperability with AWS S3 SDK is not at all important to me, just S3FS interoperability across S3 providers.

[gaul]

@rebelga You can work around this with S3Proxy using the encryption middleware: https://github.com/gaul/s3proxy/pull/398. As for s3fs itself, I think it should follow the AWS style for interoperability.