ActiveStorage client-side encryption

I’d like to do direct uploads to AWS S3 with client-side encryption so that data is already encrypted when being sent over the wire.

  • Is this feature on the roadmap for ActiveStorage?
  • Does that sound like a good idea?

I have just started building this. It does not support the whole feature set but it can already be used to upload and download encrypted files to S3. If there is interest, I am happy to create a PR for further discussion.

I am certainly one of the people interested in this, so please do.

On Tuesday, May 15, 2018 at 16:29:43 UTC+2, Arne Zeising wrote:

I have a similar question, but in my case, I’d just like for the request to include the header “x-amz-server-side-encryption: aws:kms”

This way encryption is done on the bucket. Without this, direct upload requests end with a 403.

Is there any way to set this header? Or is there some policy that I can set on the bucket that automatically encrypts with KMS regardless of this header being present?

fwiw, I wrote a post on how to do client-side encryption with ActiveStorage.