For copying a file in S3, I am using vfs-s3-2.2.1.jar.
I found the S3FileObject class under the com.intridea.io.vfs.provider.s3 package,
in which I am using the public void copyFrom(final FileObject file, final FileSelector selector)
method to copy the file.
In this method I found the following code:
    try {
        if (srcFile.getType().hasChildren()) {
            destFile.createFolder();
        // do server side copy if both source and dest are in S3 and using same credentials
        } else if (srcFile instanceof S3FileObject) {
            S3FileObject s3SrcFile = (S3FileObject)srcFile;
            String srcBucketName = s3SrcFile.getBucket().getName();
            String srcFileName = s3SrcFile.getS3Key();
            String destBucketName = destFile.getBucket().getName();
            String destFileName = destFile.getS3Key();
            CopyObjectRequest copy = new CopyObjectRequest(
                    srcBucketName, srcFileName, destBucketName, destFileName);
            if (srcFile.getType() == FileType.FILE && getServerSideEncryption()) {
                ObjectMetadata meta = s3SrcFile.getObjectMetadata();
                meta.setSSEAlgorithm(AES_256_SERVER_SIDE_ENCRYPTION);
                copy.setNewObjectMetadata(meta);
            }
            getService().copyObject(copy);
        } else if (srcFile.getType().hasContent() && srcFile.getURL().getProtocol().equals("file")) {
            // do direct upload from file to avoid overhead of making a copy of the file
            try {
                File localFile = new File(srcFile.getURL().toURI());
                destFile.upload(localFile);
            } catch (URISyntaxException e) {
                // couldn't convert URL to URI, but should still be able to do the slower way
                super.copyFrom(file, selector);
            }
        } else {
            super.copyFrom(file, selector);
        }
    } catch (IOException e) {
        throw new FileSystemException("vfs.provider/copy-file.error", new Object[]{srcFile, destFile}, e);
    } catch (AmazonClientException e) {
        throw new FileSystemException("vfs.provider/copy-file.error", new Object[]{srcFile, destFile}, e);
    } finally {
        destFile.close();
    }
In the official reference it uses these methods:
    withSourceSSECustomerKey(sseKey)
    withDestinationSSECustomerKey(newSseKey);
In the copyFrom method of S3FileObject in vfs-s3-2.2.1.jar I can't find any method to set the SSECustomerKey. How can I achieve the same? Thanks for looking here.
Server-side encryption protects data at rest. Amazon S3 encrypts each object with a unique key. As an additional safeguard, it encrypts the key itself with a key that it rotates regularly.
You have the following options for protecting data at rest in Amazon S3: Server-Side Encryption – Request Amazon S3 to encrypt your object before saving it on disks in its data centers and then decrypt it when you download the objects.
The main advantage of SSE-KMS over SSE-S3 is the additional level of security provided by permissions on the KMS key itself, allowing you to enable decryption only to authorized users or applications. SSE-KMS also provides an audit trail that shows when a CMK was used and by whom.
By default, Amazon S3 uses this KMS key for SSE-KMS. If you want to use a customer managed key for SSE-KMS, create the customer managed key before you configure SSE-KMS. Then, when you configure SSE-KMS for your bucket, specify the existing customer managed key.
I did not test, but I looked at the lib/code quickly: in https://github.com/abashev/vfs-s3/blob/branch-2.3.x/src/main/java/com/intridea/io/vfs/provider/s3/S3FileSystemConfigBuilder.java there is a method to set the server-side encryption:
    /**
     * use server-side encryption.
     *
     * @param opts The FileSystemOptions.
     * @param serverSideEncryption true if server-side encryption should be used.
     */
    public void setServerSideEncryption(FileSystemOptions opts, boolean serverSideEncryption)
    {
        setParam(opts, SERVER_SIDE_ENCRYPTION, serverSideEncryption);
    }
So before calling copyFrom, you can do:
    S3FileSystemConfigBuilder.getInstance().setServerSideEncryption(
            S3FileSystemConfigBuilder.getInstance().getFileSystem().getFileSystemOptions(),
            true);
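The server-side encryption flag in the copyFrom code quoted in the question sets the AES_256 algorithm on the object metadata and takes no customer key. As an added example (not from the original posts and not vfs-s3's own code), the following calls the AWS SDK for Java directly with the withSourceSSECustomerKey / withDestinationSSECustomerKey methods the question cites; the class name, the method names and the AmazonS3 client passed in are assumptions.

```java
import com.amazonaws.services.s3.AmazonS3;
import com.amazonaws.services.s3.model.CopyObjectRequest;
import com.amazonaws.services.s3.model.GetObjectMetadataRequest;
import com.amazonaws.services.s3.model.ObjectMetadata;
import com.amazonaws.services.s3.model.SSECustomerKey;

import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;

// Hypothetical helper class; the names here are illustrative, not part of vfs-s3.
public class SseCustomerKeyCopy {

    /** Generates a fresh 256-bit AES key, the key size SSE-C requires. */
    static SecretKey newSseKey() throws NoSuchAlgorithmException {
        KeyGenerator generator = KeyGenerator.getInstance("AES");
        generator.init(256, new SecureRandom());
        return generator.generateKey();
    }

    /**
     * Server-side copy that lets S3 decrypt the source with oldKey and
     * re-encrypt the destination with newKey. S3 does not store either key,
     * so the caller must keep newKey to read the destination object later.
     * The client must talk to an HTTPS endpoint; S3 rejects SSE-C over HTTP.
     */
    static void copyWithCustomerKeys(AmazonS3 s3,
                                     String srcBucket, String srcKey,
                                     String destBucket, String destKey,
                                     SecretKey oldKey, SecretKey newKey) {
        CopyObjectRequest copy =
                new CopyObjectRequest(srcBucket, srcKey, destBucket, destKey)
                        .withSourceSSECustomerKey(new SSECustomerKey(oldKey))
                        .withDestinationSSECustomerKey(new SSECustomerKey(newKey));
        s3.copyObject(copy);

        // Confirm the destination really is SSE-C protected: the metadata
        // request only succeeds when the matching customer key is supplied.
        ObjectMetadata meta = s3.getObjectMetadata(
                new GetObjectMetadataRequest(destBucket, destKey)
                        .withSSECustomerKey(new SSECustomerKey(newKey)));
        if (!"AES256".equals(meta.getSSECustomerAlgorithm())) {
            throw new IllegalStateException(
                    "Destination is not SSE-C encrypted: " + destBucket + "/" + destKey);
        }
    }
}
```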