Heeft deze informatie u geholpen?
Hoe kunnen we dit artikel nog verbeteren?
In this key security feature, all data is encrypted before it is stored. This occurs regardless of whether the data is encrypted at the source. This data protection feature can not be disabled. Two options for server-side encryption are supported:
This example illustrates how customers can use S3 Server-side encryption with client-provided (SSE-C) encryption keys.
Let us first list current objects in the bucket so that any new object added to the bucket can be identified.
Use the following command to list contents of the bucket:
aws s3 ls ak-atempo1 --profile LCDemo --endpoint https://s3.us-east-1.lyvecloud.seagate.com
PRE docs/ PRE level1/ PRE topleveldir/ 2022-12-02 18:12:53 536 allprefixakcopy.json
Create a sample object. When creating a sample object, the object is unencrypted. However, S3 encrypts the object during the upload operation.
echo "Test SSE-C Key" > ssec.txt
Create a key to encrypt the object.
openssl rand 32 -out ssec.key
Using the following command, the object (ssec.txt
)is uploaded to S3. S3 encrypts the object using the provided key (ssec.key)
.
aws s3 cp ssec.txt s3://ak-atempo1/ssec.txt --sse-c AES256 --sse-c-key fileb://ssec.key --profile LCDemo --endpoint https://s3.us-east-1.lyvecloud.seagate.com
The following output occurs after the command is executed:
upload: ./ssec.txt to s3://ak-atempo1/ssec.txt
Use the following command to list the contents of the bucket. The new object (ssec.txt)
that is uploaded is listed,
aws s3 ls ak-atempo1 --profile LCDemo --endpoint https://s3.us-east-1.lyvecloud.seagate.com
PRE docs/ PRE level1/ PRE topleveldir/ 2022-12-02 18:12:53 536 allprefixakcopy.json 2023-01-25 16:24:56 15 ssec.txt
Using the following command, the object ssec.txt
is downloaded from S3. S3 decrypts the object using the key ssec.key
:
aws s3 cp s3://ak-atempo1/ssec.txt ssec-downloaded.txt --sse-c AES256 --sse-c-key fileb://ssec.key --profile LCDemo --endpoint https://s3.us-east-1.lyvecloud.seagate.com
The following output occurs after the command is executed:
download: s3://ak-atempo1/ssec.txt to ./ssec-downloaded.txt
Run the following command to check the content of the object downloaded from S3.
cat ssec-downloaded.txt
Test SSE-C Key
Lyve Cloud S3 Storage Resources Guide