aws-s3-cse

Provides a bare-bones Ruby implementation of the client-side encryption for the AWS S3 service. When writing data to AWS the data is encrypted using a randomly generated envelope key and initialization vector. The envelope key is encrypted using a private key provided by the user and added as metadata to the object together with the initialization vector. When reading the object the envelope key is decrypted using the user-provided public key. The data is then decrypted using the envelope key.

The following config options are added to AWS.config:

  • s3_private_key - the private key with which to encrypt the envelope key

  • s3_public_key - the public key with which to decrypt the envelope key

  • s3_client_side_encryption - boolean indicating whether to use client side encryption or not

Contributing to aws-s3-cse

  • Check out the latest master to make sure the feature hasn’t been implemented or the bug hasn’t been fixed yet.

  • Check out the issue tracker to make sure someone already hasn’t requested it and/or contributed it.

  • Fork the project.

  • Start a feature/bugfix branch.

  • Commit and push until you are happy with your contribution.

  • Make sure to add tests for it. This is important so I don’t break it in a future version unintentionally.

  • Please try not to mess with the Rakefile, version, or history. If you want to have your own version, or is otherwise necessary, that is fine, but please isolate to its own commit so I can cherry-pick around it.

Copyright © 2012 Tom Nijmeijer. See LICENSE.txt for further details.