Amazon Simple Storage Service
Developer Guide (API Version 2006-03-01)

Specifying Server-Side Encryption Using the AWS SDK for Ruby

When using the AWS SDK for Ruby to upload an object, you can specify that the object be stored encrypted at rest by passing the server_side_encryption option in the options hash of the #write instance method. When you read the object back, it is automatically decrypted.

The following Ruby script sample demonstrates how to specify that a file uploaded to Amazon S3 be encrypted at rest.

# Upload a file and set server-side encryption.
key_name = File.basename(file_name)
s3.buckets[bucket_name].objects[key_name].write(:file => file_name, :server_side_encryption => :aes256)

For a working sample that shows how to upload an object, see Upload an Object Using the AWS SDK for Ruby.

Determining Encryption Algorithm Used

To check the encryption algorithm that is used for encrypting an object's data at rest, use the #server_side_encryption method of the S3Object instance. The following code sample demonstrates how to determine the encryption state of an existing object.

# Determine server-side encryption of an object.
enc = s3.buckets[bucket_name].objects[key_name].server_side_encryption
enc_state = (enc != nil) ? enc : "not set"
puts "Encryption of #{key_name} is #{enc_state}."

If server-side encryption is not used for the object that is stored in Amazon S3, the method returns nil.

Changing Server-Side Encryption of an Existing Object (Copy Operation)

To change the encryption state of an existing object, make a copy of the object and delete the source object. The Ruby API S3Object class has #copy_from and #copy_to methods that you can use to copy objects. By default, the copy methods do not encrypt the target unless you explicitly request server-side encryption. To request encryption of the target object, specify the server_side_encryption value in the options hash argument, as shown in the following Ruby code sample, which uses the #copy_to method.

s3 = AWS::S3.new

# Copy an object and request server-side encryption for the target.
bucket1 = s3.buckets[source_bucket]
bucket2 = s3.buckets[target_bucket]
obj1 = bucket1.objects[source_key]
obj2 = bucket2.objects[target_key]

obj1.copy_to(obj2, :server_side_encryption => :aes256)

For a working sample of how to copy an object, see Copy an Object Using the AWS SDK for Ruby.
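
The copy-then-delete procedure described above, as an added example that is not part of the original guide: it requests encryption on the copy, confirms with #server_side_encryption that the target reports the algorithm, and deletes the source only after that check passes. FakeS3Object and migrate_to_sse are hypothetical names; the stand-in class is constructed so the script runs offline, and against the SDK you would pass real S3Object instances instead.

```ruby
# Added example. FakeS3Object is a constructed in-memory stand-in (an
# assumption, not part of the SDK) that mimics the S3Object methods used here:
# #exists?, #server_side_encryption, #copy_to and #delete.
class FakeS3Object
  attr_reader :key, :server_side_encryption

  def initialize(key, data = nil, sse = nil)
    @key, @data, @server_side_encryption = key, data, sse
  end

  def exists?
    !@data.nil?
  end

  def store(data, sse)
    @data, @server_side_encryption = data, sse
  end

  # Like the copy methods described above, encrypt only when requested.
  def copy_to(target, options = {})
    target.store(@data, options[:server_side_encryption])
    target
  end

  def delete
    @data = @server_side_encryption = nil
  end
end

# Hypothetical helper: copy with SSE requested, confirm the target reports the
# algorithm, and only then delete the source.
def migrate_to_sse(source, target, algorithm = :aes256)
  return :source_missing unless source.exists?
  return :already_encrypted if source.server_side_encryption == algorithm

  source.copy_to(target, :server_side_encryption => algorithm)
  unless target.exists? && target.server_side_encryption == algorithm
    return :copy_not_encrypted # source is kept; nothing was deleted
  end

  source.delete
  :migrated
end

# Constructed sample objects.
src = FakeS3Object.new("report.csv", "constructed sample data")
dst = FakeS3Object.new("report-encrypted.csv")
puts "#{src.key}: #{migrate_to_sse(src, dst)}, target SSE: #{dst.server_side_encryption}"
```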