This repository has been archived by the owner on Jul 13, 2023. It is now read-only.

Encryption on Amazon S3

Evan Prothro edited this page Dec 11, 2013 · 8 revisions

By default, objects uploaded to S3 do not get encrypted by Amazon servers before being stored on disk.

Server Side Encryption

Add the s3_server_side_encryption option to enable server side encryption by Amazon servers before your objects are committed to disk.

has_attached_file :file, s3_permissions: :private,
                         s3_server_side_encryption: :aes256

This makes Paperclip send the x-amz-server-side-encryption header on upload, which triggers encryption by Amazon.

Note: Until Pull Request #1398 is merged and released, the above does not work, and the header must be manually added:

has_attached_file :file, s3_permissions: :private,
                         s3_headers: { "x-amz-server-side-encryption" => "AES256" }

Client Side Encryption

If you need client side encryption, from your server to S3, you will need to use an encryption pre-processor.
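The encryption step such a server-to-S3 pre-processor could call, as an added example that is not Paperclip code. The module name AttachmentCrypto, the choice of AES-256-GCM, and the nonce || ciphertext || tag layout are assumptions made for illustration; the caller supplies a 32-byte key.

```ruby
require "openssl"
require "tempfile"
require "stringio"

# Added example, not Paperclip code; AttachmentCrypto is a hypothetical name.
# A custom processor would call encrypt on the upload and return the result.
module AttachmentCrypto
  CHUNK = 64 * 1024
  NONCE_LEN = 12 # 96-bit GCM nonce
  TAG_LEN = 16   # 128-bit authentication tag

  def self.cipher(mode, key)
    c = OpenSSL::Cipher.new("aes-256-gcm")
    mode == :encrypt ? c.encrypt : c.decrypt
    c.key = key # must be exactly 32 bytes
    c
  end

  # Streams io through AES-256-GCM into a Tempfile laid out as
  # nonce || ciphertext || tag (layout chosen for this example).
  def self.encrypt(io, key)
    c = cipher(:encrypt, key)
    nonce = c.random_iv # fresh nonce per object; never reuse with a key
    c.auth_data = ""
    out = Tempfile.new("enc")
    out.binmode
    out.write(nonce)
    while (chunk = io.read(CHUNK))
      out.write(c.update(chunk))
    end
    out.write(c.final)
    out.write(c.auth_tag)
    out.rewind
    out
  end

  # Returns the plaintext; raises OpenSSL::Cipher::CipherError if the blob
  # was modified or the key is wrong.
  def self.decrypt(blob, key)
    raise ArgumentError, "blob too short" if blob.bytesize < NONCE_LEN + TAG_LEN
    c = cipher(:decrypt, key)
    c.iv = blob.byteslice(0, NONCE_LEN)
    c.auth_tag = blob.byteslice(-TAG_LEN, TAG_LEN)
    c.auth_data = ""
    body = blob.byteslice(NONCE_LEN, blob.bytesize - NONCE_LEN - TAG_LEN)
    (body.empty? ? "".b : c.update(body)) + c.final
  end
end
```

The key has to be kept outside the bucket, since anyone holding both the key and the stored object can decrypt it.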

If you need client side encryption, from your client to your server, you will need to handle this outside of Paperclip with a client-side encryption library.