Specifying server-side encryption and Reduced Redundancy storage #138

Open
ykessler opened this Issue Nov 15, 2013 · 6 comments

Projects

None yet

3 participants

@ykessler

Is it possible to include options for specifying server-side encryption and Reduced Redundancy Storage (RRS)?

@elsurudo

I am also interested in knowing this. Have you found the answer, by any chance?

@ykessler

@elsurudo I never was able to do it through s3_direct_upload - I solved it by just immediately applying server-side encryption and Reduced Redundancy Storage to new items through my server side AWS library as soon as the upload was complete.

@elsurudo

@ykessler Well brother, I figured it out if you want to simplify your code a bit :)

Add the following option to your s3_uploader_form call to generate the policy properly:
conditions: [{ 'x-amz-server-side-encryption' => 'AES256'}]

Then, add the following inside your form so S3 knows you want to encrypt:
<%= hidden_field_tag 'x-amz-server-side-encryption', 'AES256' %>

That's it!

EDIT: Furthermore, you should be able to set reduced-redundancy-storage using the same method, using a key of "x-ams-storage-class" and a value of "REDUCED_REDUNDANCY".

See here for docs: http://docs.aws.amazon.com/AmazonS3/latest/API/RESTObjectPOST.html

@ykessler

@elsurudo Beautiful- thanks for the update, I'll try it out!

@mogox
mogox commented Nov 10, 2015

Added an example on the wiki page based on this conversation: https://github.com/waynehoover/s3_direct_upload/wiki/Example-of-setting-up-%22s3_direct_upload%22-with-Server-Side-Encryption-on-Amazon-S3

However, I still think @ilyakatz PR #225 makes sense.

@elsurudo

@mogox Agreed – it would be nice to be able to specify a single option, perhaps even on an initializer or something. This method works, but it's a bit verbose.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment