Bucket Encryption Made Easy: How to Upload and Download Encrypted Files to Your Object Storage

We now support SSE-C encryption for files in Object Storage. This new feature allows you to encrypt your files during upload.

Once a file has been uploaded with an encryption key, only the user who has that key can download and view the contents of the file.

Customers in data-sensitive markets will appreciate this new feature.

For this tutorial, we will use the AWS CLI to upload and download files.

Prerequisites:

Install the AWS CLI

Step-by-step guide

Create a bucket in the Cloud Panel or use an existing object store and make sure it has the appropriate access key.

We will use an existing bucket for this tutorial. There is currently one file in this object store.

Configure your AWS CLI

aws configure
AWS Access Key ID [****************FMF2]:
AWS Secret Access Key [****************G4Rm]:
Default region name [eu-central-1]:
Default output format [json]:

In turn, you will be asked to set the various parameters in your CLI so that it can access your bucket.

Note: You can find the secret of your access key in the corresponding tab in the Object Storage.

Verify that the S3API can access the bucket

aws s3api list-buckets --endpoint https://gos3.io

Create an encrypted file

secret=$(echo $RANDOM | md5 | head -c 32)
key=$(echo -n $secret | base64)
key_md5=$(echo -n $secret | openssl dgst -md5 -binary | base64)

Create a folder and a file

mkdir encryption
cd encryption
touch test.txt

Upload the file you just created to your bucket

aws s3api --endpoint=https://gos3.io put-object \
  --bucket my-first-bucket \
  --key test.txt \
  --sse-customer-algorithm AES256 \
  --sse-customer-key $key \
  --sse-customer-key-md5 $key_md5

You should now see the file in your bucket. Note that you cannot open encrypted items in the Cloud Panel.

Now download the file again

aws s3api --endpoint=https://gos3.io get-object \
  --bucket my-first-bucket \
  --key test.txt \
  --sse-customer-algorithm AES256 \
  --sse-customer-key $key \
  --sse-customer-key-md5 $key_md5 test-
downloaded.txt

Important: Rename the file you want to download or the existing file will be overwritten.

Verify that the download was successful

If everything works, the downloaded file should show up in your folder.

Cookie	Duration	Description
_ga	2 years	The _ga cookie, installed by us, calculates visitor, session and campaign data and also keeps track of site usage for the site's analytics report. The cookie stores information anonymously and assigns a randomly generated number to recognize unique visitors.
_ga_YXMZ98M2VB	2 years	This cookie is installed by us for Analytics.
_gid	1 day	Installed by us, _gid cookie stores information on how visitors use a website, while also creating an analytics report of the website's performance. Some of the data that are collected include the number of visitors, their source, and the pages they visit anonymously.
cookielawinfo-checkbox-advertisement	1 year	Set by the GDPR Cookie Consent plugin, this cookie is used to record the user consent for the cookies in the "Advertisement" category .
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
CookieLawInfoConsent	1 year	Records the default button state of the corresponding category & the status of CCPA. It works only in coordination with the primary cookie.
mautic_device_id	1 year	This cookie is set by the provider Mautic.This cookie is used for identifying visitor across visits and devices. Mautic cookies are used for supporting marketing activities.
mautic_referer_id	30 minutes	This cookie is set by the provider Mautic. This cookie is used for marketing purposes. It heps in tracking people submitting forms.
mtc_id	session	This cookie is set by the provider Mautic.This cookie is used for setting unique ID for visitor, to track visitor across multiple websites inorder to serve them with relevant advertisements. Mautic cookies are used for supporting marketing activities.
mtc_sid	session	This cookie is set by the provider Mautic.This cookie is used for setting unique ID for visitor, to track visitor across multiple websites inorder to serve them with relevant advertisements. Mautic cookies are used for supporting marketing activities.
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.

Cookie	Duration	Description
_gat_UA-64546682-1	1 minute	A variation of the _gat cookie set by Google Analytics and Google Tag Manager to allow website owners to track visitor behaviour and measure site performance. The pattern element in the name contains the unique identity number of the account or website it relates to.
_gcl_au	3 months	Provided by Google Tag Manager to experiment advertisement efficiency of websites using their services.
AnalyticsSyncHistory	1 month	No description

Cookie	Duration	Description
_fbp	3 months	This cookie is set by Facebook to display advertisements when either on Facebook or on a digital platform powered by Facebook advertising, after visiting the website.
_uetsid	1 day	Bing Ads sets this cookie to engage with a user that has previously visited the website.
_uetvid	1 year 24 days	Bing Ads sets this cookie to engage with a user that has previously visited the website.
bcookie	1 year	LinkedIn sets this cookie from LinkedIn share buttons and ad tags to recognize browser ID.
bscookie	1 year	LinkedIn sets this cookie to store performed actions on the website.
fr	3 months	Facebook sets this cookie to show relevant advertisements to users by tracking user behaviour across the web, on sites that have Facebook pixel or Facebook social plugin.
lang	session	LinkedIn sets this cookie to remember a user's language setting.
li_gc	5 months 27 days	No description
lidc	1 day	LinkedIn sets the lidc cookie to facilitate data center selection.
MUID	1 year 24 days	Bing sets this cookie to recognize unique web browsers visiting Microsoft sites. This cookie is used for advertising, site analytics, and other operations.
test_cookie	15 minutes	The test_cookie is set by doubleclick.net and is used to determine if the user's browser supports cookies.
UserMatchHistory	1 month	LinkedIn sets this cookie for LinkedIn Ads ID syncing.

Cookie	Duration	Description
_chatwoot_session	session	No description available.
cw_conversation	1 year	No description

Cookie	Duration	Description
csrf_token	10 years	No description available.
new_session	session	No description available.
session_data	10 years	No description available.
show_cookie_banner	session	No description

On Demand Cloud

Private Cloud

Compute

Storage

Network

Database

Marketplace

On Demand Cloud

Private Cloud

Compute

Storage

Network

Database

Marketplace

On Demand Cloud

Private Cloud

Compute

Storage

Network

Database

Marketplace

Bucket Encryption Made Easy: How to Upload and Download Encrypted Files to Your Object Storage

Solutions

Compute

Dev Tools

Storage

Network

Community