Class: Aws::S3::Encryption::Client

Inherits:
Object
  • Object
show all
Defined in:
aws-sdk-resources/lib/aws-sdk-resources/services/s3/encryption/client.rb

Instance Attribute Summary collapse

Instance Method Summary collapse

Constructor Details

#initialize(options = {}) ⇒ Client

Creates a new encryption client. You must provide on of the following options:

  • :key_provider
  • :encryption_key

Options Hash (options):

  • :key_provider (#key_for)

    Any object that responds to #key_for. This method should accept a materials description JSON document string and return return an encryption key.

  • :encryption_key (OpenSSL::PKey::RSA, String)

    The master key to use for encrypting/decrypting all objects.

  • :envelope_location (Symbol) — default: :metadata

    Where to store the envelope encryption keys. By default, the envelope is stored with the encrypted object. If you pass :instruction_file, then the envelope is stored in a seperate object in Amazon S3.

  • :instruction_file_suffix (String) — default: '.instruction'

    When :envelope_location is :instruction_file then the instruction file uses the object key with this suffix appended.


182
183
184
185
186
187
# File 'aws-sdk-resources/lib/aws-sdk-resources/services/s3/encryption/client.rb', line 182

def initialize(options = {})
  @client = options[:client] || S3::Client.new
  @key_provider = extract_key_provider(options)
  @envelope_location = extract_location(options)
  @instruction_file_suffix = extract_suffix(options)
end

Instance Attribute Details

#clientS3::Client (readonly)


190
191
192
# File 'aws-sdk-resources/lib/aws-sdk-resources/services/s3/encryption/client.rb', line 190

def client
  @client
end

#envelope_locationSymbol<:metadata, :instruction_file> (readonly)


196
197
198
# File 'aws-sdk-resources/lib/aws-sdk-resources/services/s3/encryption/client.rb', line 196

def envelope_location
  @envelope_location
end

#instruction_file_suffixString (readonly)


201
202
203
# File 'aws-sdk-resources/lib/aws-sdk-resources/services/s3/encryption/client.rb', line 201

def instruction_file_suffix
  @instruction_file_suffix
end

#key_providerKeyProvider (readonly)


193
194
195
# File 'aws-sdk-resources/lib/aws-sdk-resources/services/s3/encryption/client.rb', line 193

def key_provider
  @key_provider
end

Instance Method Details

#get_object(params = {}) ⇒ Object

Note:

The :range request parameter is not yet supported.

Gets an object from Amazon S3, decrypting data locally. See S3::Client#get_object for documentation on accepted request parameters.

Options Hash (params):

  • :instruction_file_suffix (String)

    The suffix used to find the instruction file containing the encryption envelope. You should not set this option when the envelope is stored in the object metadata. Defaults to #instruction_file_suffix.

  • :instruction_file_suffix (String)

See Also:

  • S3::Client#get_object

233
234
235
236
237
238
239
240
241
242
243
244
245
246
# File 'aws-sdk-resources/lib/aws-sdk-resources/services/s3/encryption/client.rb', line 233

def get_object(params = {})
  if params[:range]
    raise NotImplementedError, '#get_object with :range not supported yet'
  end
  envelope_location, instruction_file_suffix = envelope_options(params)
  req = @client.build_request(:get_object, params)
  req.handlers.add(DecryptHandler)
  req.context[:encryption] = {
    key_provider: @key_provider,
    envelope_location: envelope_location,
    instruction_file_suffix: instruction_file_suffix,
  }
  req.send_request
end

#put_object(params = {}) ⇒ Object

Uploads an object to Amazon S3, encrypting data client-side. See S3::Client#put_object for documentation on accepted request parameters.

See Also:

  • S3::Client#put_object

209
210
211
212
213
214
215
216
217
218
# File 'aws-sdk-resources/lib/aws-sdk-resources/services/s3/encryption/client.rb', line 209

def put_object(params = {})
  req = @client.build_request(:put_object, params)
  req.handlers.add(EncryptHandler, priority: 95)
  req.context[:encryption] = {
    materials: @key_provider.encryption_materials,
    envelope_location: @envelope_location,
    instruction_file_suffix: @instruction_file_suffix,
  }
  req.send_request
end