Skip to content

Support for Secret-Key Free Uploads (POST) #83

Open
talos opened this Issue Oct 8, 2012 · 1 comment

2 participants

@talos
talos commented Oct 8, 2012

s3cmd doesn't currently support uploading files without having immediate access to the secret key. In situations where you'd like to run s3cmd on a machine that can't have access to a secret key (for example, Travis CI), this becomes a problem:

https://gist.github.com/3828710#file_s3_policy.json

The above example also demonstrates a solution -- the use of POST with a base64 encoded policy, and a signature generated from the access key and the policy. The Amazon spec for this is here:

http://doc.s3.amazonaws.com/proposals/post.html

You still need to generate the policy and the signature, but it's safe to ship those off elsewhere and uploads can continue to be done with them (within the limits set forth by the policy, of course).

I put together a very preliminary, hack-ish implementation of this:

talos@082f337

This will upload without any secret key, but you still need to pre-generate your base64 encoded policy and signature. Also, many awesome aspects of s3cmd (retries, additional headers) break down. And the arg hook into s3 itself (policypost) is pretty ad-hoc.

This issue is primarily to gauge interest -- it would be considerably more difficult to generate a clean, ready-to-integrate implementation of this feature for s3cmd, but might be worth the extra effort.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Something went wrong with that request. Please try again.