What Is The Right Way To Create A SSECustomerKey For Boto3 File Encryption In Python?
I am using boto3 with my django application to upload media to S3. But I am having trouble encrypting the files on server using 'Server Side Encryption using Customer Provided Encr
Solution 1:
The right way to do is to use os.urandom
import os
secret_key = os.urandom(32) # The key needs to be 32 character long.
and one doesn't need to provide SSECustomerKeyMD5
as boto3 calculates it for you.
and also SSE-C doesn't work right in key.put
, as for now, I don't know for what reasons. One has to do it this way.
s3 = boto3.client('s3')
s3.put_object(**kwargs)
Solution 2:
It seems SSE works with Object
too. An example is as follows
import boto3
from botocore.config import Config
s3 = boto3.resource('s3',
region_name="us-east-1",
aws_access_key_id="key id",
aws_secret_access_key="access key",
config=Config(signature_version='s3v4'))
s3.Object("bucket", "filename").put(Body="text",
SSEKMSKeyId="some id",
ServerSideEncryption='aws:kms')
To read it, use
s3.Object("bucket", "filename").get()['Body'].read()
Post a Comment for "What Is The Right Way To Create A SSECustomerKey For Boto3 File Encryption In Python?"