Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Adding Additional Headers to Carrierwave for Amazon s3 Encryption

In short
In short I want to know if I can send additional headers through a carrierwave and fog connection to Amazon s3?

In depth
I recently found that amazon supports Client and Server side encryption of files. more info » http://docs.amazonwebservices.com/AmazonS3/latest/dev/SSEUsingRESTAPI.html

I'm currently using carrierwave in a rails app to upload files to amazon s3.
For server side encryption amazon asks for a header of x-amz-server-side-encryption=AES256 added to the request.

So I'm looking to figure out how to send additional headers through with my carrierwave and fog.

My thought was that maybe I could use the fog_attribute config line something like the following and maybe that might work but I'm not sure the fog_attribute is for partiular attribute or just a blanket header section.

config.fog_attributes = {'x-amz-server-side-encryption' => 'AES256','Cache-Control'=>'max-age=315576000'}  # optional, defaults to {}

So I finally got my app in shape to test this but unfortunately it didn't work.

I also found this: https://github.com/geemus/fog/commit/070e2565d3eb08d0daaa258ad340b6254a9c6ef2 commit in the fog repository that make me feel the fog_attributes method is for a defined list of attributes.

There has got to be a way to make this work. Anyone?

like image 387
JonathanSimmons Avatar asked Feb 02 '12 02:02

JonathanSimmons


2 Answers

I believe that should actually be correct, note however that I don't believe the server side encryption stuff has been released, so you would need to use edge fog to get this behavior. I hope to do a release soon though and then it should be good to go. If you find that you still can't get it working on edge let me know though and we'll try and see what can be done.

like image 78
geemus Avatar answered Oct 14 '22 06:10

geemus


I cannot speak about CarrierWave, but this works for saving files with AWS256 encryption with the (currently) standard Fog distribution:

file.attributes[:encryption ] = "AES256"
result = file.save()

However, that does not work for copying files. What works for copying is:

fogfile.copy(@bucket_archived, newfilename, {'x-amz-server-side-encryption' => 'AES256'})
like image 33
nachbar Avatar answered Oct 14 '22 05:10

nachbar