Subscribe to Email Updates

    encryption S3 | 1 min read

    Setup SSE to encrypt S3 Buckets

    Description

    S3 connector is compatible with the Server-side encryption. This encryption solution is about protecting data at rest, its encrypts only the object data, not object metadata. The three types of Amazon's Server-Site Encryption is supported in the product : 
    • SSE-S3
    • SSE-C
    • SSE-KMS

     

    SSE-S3 uses Amazon S3-managed encryption keys

    It is a Server-side encryption protects data at rest. The S3 storage encrypts each data with a unique key. As an additional safeguard, it encrypts the key itself with a master key that it rotates regularly.

    S3 server-side encryption uses one of the strongest block ciphers available to encrypt your data, 256-bit Advanced Encryption Standard (AES-256).

    SSE-C uses customer-provided encryption keys

    Using server-side encryption with customer-provided encryption keys (SSE-C) allows you to set your own encryption keys. With the encryption key you provide as part of your request, Amazon S3 manages the encryption as it writes to disks and decryption when you access your objects.

    It is important to understand is that the only thing to do is to manage the encryption keys you provide.

    When a file is copied to the Cloud S3 storage, the S3 storage uses the encryption key you provide to apply AES-256 encryption to your data and removes the encryption key from memory.

    When you retrieve the file, you must provide the same encryption key. The S3 storage first verifies that the encryption key you provided matches and then decrypts the object before returning the data to you.

    SSE-KMS uses the master key which you manage in AWS KMS

    Server-side encryption is the encryption of data at its destination by the application or service that receives it.

    AWS Key Management Service (AWS KMS) is a service that combines secure, highly available hardware and software to provide a key management system scaled for the cloud. It uses AWS KMS customer master keys (CMKs) to encrypt your data. AWS KMS encrypts only the object data. Any object metadata is not encrypted.

     

    Related Categories

    encryption S3

    You may also like:

    encryption Knowledge Base

    SSE Usages recommandations

    SSE Usage recommendations Well know situation :  You don't specify a file with a 32 char key   Situation : The SSE requi...

    Let Us Know What You Thought about this Post.

    Put your Comment Below.

    Learn and grow with award-winning support and a thriving community behind you.

    Get the free version