Skip to content Skip to sidebar Skip to footer
Home / Amazon S3 / Boto / Boto3 / Encryption / Python

What Is The Right Way To Create A SSECustomerKey For Boto3 File Encryption In Python?

Post a Comment
I am using boto3 with my django application to upload media to S3. But I am having trouble encrypting the files on server using 'Server Side Encryption using Customer Provided Encr

Solution 1:

The right way to do is to use os.urandom

import os
secret_key = os.urandom(32) # The key needs to be 32 character long.

and one doesn't need to provide SSECustomerKeyMD5 as boto3 calculates it for you.

and also SSE-C doesn't work right in key.put, as for now, I don't know for what reasons. One has to do it this way.

s3 = boto3.client('s3')
s3.put_object(**kwargs)

Solution 2:

It seems SSE works with Object too. An example is as follows

import boto3
from botocore.config import Config

s3 = boto3.resource('s3', 
                    region_name="us-east-1",
                    aws_access_key_id="key id",
                    aws_secret_access_key="access key",
                    config=Config(signature_version='s3v4')) 
s3.Object("bucket", "filename").put(Body="text",
                                    SSEKMSKeyId="some id",
                                    ServerSideEncryption='aws:kms')

To read it, use

s3.Object("bucket", "filename").get()['Body'].read()

You may like these posts

Post a Comment for "What Is The Right Way To Create A SSECustomerKey For Boto3 File Encryption In Python?"