SSE Usage recommendations
Well-known situations:
No key file with a 32-character key is specified
Situation: SSE requires a 32-character key to encrypt the content sent to the bucket. Make sure you provide a 32-character key so that the feature works properly.
Situation: The uploader key file can contain multiple keys. Be careful with the syntax and file organization:
- the first line is always the main encryption / decryption key
- the second and following lines are always decryption keys
Example: If you want to change the encryption key every month, store the latest key on the first line and all previous keys on the following lines. This keeps it possible to decrypt the files that were stored and encrypted with those previous keys.
- 01234567890123456789012345678911 is the key used to encrypt and decrypt data
- 11234567890123456789012345678911 is a previous key which is still required to decrypt the data
- 21234567890123456789012345678911 is a previous key which is still required to decrypt the data
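A check for the key-file layout described above, as an added example that is not part of the uploader: it validates that every line is a 32-character key, rejects duplicates, and rotates by placing a new key on line 1 while keeping the old ones for decryption. The function names are hypothetical, and treating blank lines and non-ASCII keys as errors is an assumption of this example, not documented uploader behaviour.

```python
import secrets
import string

KEY_LEN = 32  # key length stated on the page
ALPHABET = string.ascii_letters + string.digits  # assumption: plain ASCII keys


def parse_key_file(text):
    """Return (encryption_key, decryption_only_keys) or raise ValueError."""
    lines = text.splitlines()
    if not lines:
        raise ValueError("key file is empty: no encryption key on line 1")
    seen = {}
    for n, line in enumerate(lines, start=1):
        # Report the line number only, never the key material itself.
        if len(line) != KEY_LEN:
            raise ValueError(f"line {n}: expected {KEY_LEN} characters, got {len(line)}")
        if not line.isascii():
            raise ValueError(f"line {n}: non-ASCII character, key would not be 32 bytes")
        if line in seen:
            raise ValueError(f"line {n}: duplicates line {seen[line]}")
        seen[line] = n
    return lines[0], lines[1:]


def rotate(text, new_key=None):
    """Put a new key on line 1 and demote the current key to a decryption key."""
    current, previous = parse_key_file(text)
    if new_key is None:
        new_key = "".join(secrets.choice(ALPHABET) for _ in range(KEY_LEN))
    rotated = "\n".join([new_key, current, *previous]) + "\n"
    parse_key_file(rotated)  # re-validate: catches a bad or reused new_key
    return rotated


# Constructed sample: the three keys from the example above, one per line.
SAMPLE = (
    "01234567890123456789012345678911\n"
    "11234567890123456789012345678911\n"
    "21234567890123456789012345678911\n"
)

if __name__ == "__main__":
    enc, dec = parse_key_file(SAMPLE)
    print(f"encryption key on line 1, {len(dec)} decryption-only key(s)")
    print(f"after rotation: {len(rotate(SAMPLE).splitlines())} lines")
```

A trailing space or a blank line makes a line's length differ from 32, so it is reported by line number instead of silently becoming a wrong key.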
Bucket Encryption Configuration Changes
Situation: You have been storing data in a bucket for a while and, after a certain time, you decide to set an encryption option.
This change only affects new data, which will be encrypted; all previously written files remain unencrypted.
In an S3 object storage supporting SSE, icons make it easy to see which files are encrypted: