Description
The S3 connector is compatible with server-side encryption. This encryption protects data at rest; it encrypts only the object data, not the object metadata. The product supports the three types of Amazon server-side encryption:
SSE-S3 uses Amazon S3-managed encryption keys
This server-side encryption protects data at rest. The S3 storage encrypts each object with a unique key. As an additional safeguard, it encrypts the key itself with a master key that it rotates regularly.
S3 server-side encryption uses one of the strongest block ciphers available to encrypt your data, 256-bit Advanced Encryption Standard (AES-256).
SSE-C uses customer-provided encryption keys
Using server-side encryption with customer-provided encryption keys (SSE-C) allows you to set your own encryption keys. With the encryption key you provide as part of your request, Amazon S3 manages the encryption as it writes to disks and decryption when you access your objects.
It is important to understand that the only thing you have to do is manage the encryption keys you provide.
When a file is copied to the Cloud S3 storage, the S3 storage uses the encryption key you provide to apply AES-256 encryption to your data and removes the encryption key from memory.
When you retrieve the file, you must provide the same encryption key. The S3 storage first verifies that the encryption key you provided matches and then decrypts the object before returning the data to you.
SSE-KMS uses the master key which you manage in AWS KMS
Server-side encryption is the encryption of data at its destination by the application or service that receives it.
AWS Key Management Service (AWS KMS) is a service that combines secure, highly available hardware and software to provide a key management system scaled for the cloud. SSE-KMS uses AWS KMS customer master keys (CMKs) to encrypt your data. AWS KMS encrypts only the object data. Object metadata is not encrypted.
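As an added illustration (not code from the connector or from the original page), the sketch below builds the S3 REST API request headers that select each of the three modes described above, and redacts the SSE-C key before headers are logged. The function names and the constructed sample key are assumptions made for the example.

```python
import base64
import hashlib
import os

SSE_C_KEY_BYTES = 32  # AES-256 requires a 256-bit key


def sse_headers(mode, customer_key=None, kms_key_id=None):
    """Return the S3 request headers that select a server-side encryption mode."""
    if mode == "SSE-S3":
        return {"x-amz-server-side-encryption": "AES256"}
    if mode == "SSE-KMS":
        headers = {"x-amz-server-side-encryption": "aws:kms"}
        if kms_key_id:  # when omitted, S3 uses the AWS managed key for the account
            headers["x-amz-server-side-encryption-aws-kms-key-id"] = kms_key_id
        return headers
    if mode == "SSE-C":
        if not isinstance(customer_key, bytes) or len(customer_key) != SSE_C_KEY_BYTES:
            raise ValueError("SSE-C requires a 32-byte (256-bit) key")
        key_b64 = base64.b64encode(customer_key).decode()
        # The MD5 digest lets S3 detect a key corrupted in transit.
        md5_b64 = base64.b64encode(hashlib.md5(customer_key).digest()).decode()
        return {
            "x-amz-server-side-encryption-customer-algorithm": "AES256",
            "x-amz-server-side-encryption-customer-key": key_b64,
            "x-amz-server-side-encryption-customer-key-MD5": md5_b64,
        }
    raise ValueError(f"unknown encryption mode: {mode}")


def redact_for_logging(headers):
    """Copy headers with SSE-C key material masked, so the key never reaches logs."""
    return {
        name: "<redacted>" if "customer-key" in name.lower() else value
        for name, value in headers.items()
    }


if __name__ == "__main__":
    key = os.urandom(SSE_C_KEY_BYTES)  # constructed sample key, generated locally
    upload = sse_headers("SSE-C", customer_key=key)
    # The same three headers must accompany the later download of the object.
    print(redact_for_logging(upload))
    print(sse_headers("SSE-S3"))
```

With SSE-C the key itself travels in a request header on every upload and download, so the request must go over HTTPS and the key must be stored by the caller; S3 does not keep it.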