Hello Rohit,
We use Amazonica to read files from a bucket encrypted with Server-Side
Encryption (SSE).
The way to do it depends on the way the files were encrypted. If the KMS
key was "associated" with the encrypted file (not sure if I'm using the
correct terminology, I'm no AWS expert) and the instance/role has IAM
permission for that KMS key, it should be enough to add :encryption true to
the parameters map:
(require '[amazonica.aws.s3 :as s3])
(s3/get-object {:bucket-name "mybucket", :key "/foo/bar", :encryption true}
If you need to set the KMS key explicitly, what worked for us is adding
:sse-aws-key-management-params
{:aws-kms-key-id "<encryption key name here>"} to the same parameters map.
Try this out, if it doesn't work I'll try to understand how our code works
a little better. But ultimately we'll make it work for you;).
On Friday, February 23, 2018 at 2:48:48 AM UTC+2, Rohit Thadani wrote:
>
> Hi,
>
> I am trying to use the amazonica s3 library to get s3 objects trhat have
> been encrypted using the KMSEncryptionMaterials but I cant seem to
> understand how to do it with the library i.e how do i set the encryption
> materials and then create the appropriate client
>
> The equivalent java code to do this would be like this
> KMSEncryptionMaterialsProvider encryptionMaterialsProvider = new
> KMSEncryptionMaterialsProvider("<encryption key here>");
> CryptoConfiguration config = new CryptoConfiguration();
>
> config.setAwsKmsRegion(Region.getRegion(Regions.valueOf(profile.getRegion())));
> return AmazonS3EncryptionClientBuilder.standard()
> .withRegion(Regions.valueOf(profile.getRegion()))
> .withEncryptionMaterials(encryptionMaterialsProvider)
> .withCryptoConfiguration(config)
> .build();
>
>
> any help would be greatly appreciated
>
> Thanks
> Rohit.
>
--
You received this message because you are subscribed to the Google
Groups "Clojure" group.
To post to this group, send email to [email protected]
Note that posts from new members are moderated - please be patient with your
first post.
To unsubscribe from this group, send email to
[email protected]
For more options, visit this group at
http://groups.google.com/group/clojure?hl=en
---
You received this message because you are subscribed to the Google Groups
"Clojure" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
For more options, visit https://groups.google.com/d/optout.
