Bucket Encryption Made Easy: How to Upload and Download Encrypted Files to Your Object Storage

We now support SSE-C encryption for files in Object Storage. This new feature allows you to encrypt your files during upload.

Once a file has been uploaded with an encryption key, only the user who has that key can download and view the contents of the file.

Customers in data-sensitive markets will appreciate this new feature.

For this tutorial, we will use the AWS CLI to upload and download files.


Step-by-step guide

  1. Create a bucket in the Cloud Panel or use an existing object store and make sure it has the appropriate access key.

We will use an existing bucket for this tutorial. There is currently one file in this object store.

  1. Configure your AWS CLI
aws configure
AWS Access Key ID [****************FMF2]:
AWS Secret Access Key [****************G4Rm]:
Default region name [eu-central-1]:
Default output format [json]:

In turn, you will be asked to set the various parameters in your CLI so that it can access your bucket.

Note: You can find the secret of your access key in the corresponding tab in the Object Storage.

  1. Verify that the S3API can access the bucket
aws s3api list-buckets --endpoint https://gos3.io
  1. Create an encrypted file
secret=$(echo $RANDOM | md5 | head -c 32)
key=$(echo -n $secret | base64)
key_md5=$(echo -n $secret | openssl dgst -md5 -binary | base64)
  1. Create a folder and a file
mkdir encryption
cd encryption
touch test.txt
  1. Upload the file you just created to your bucket
aws s3api --endpoint=https://gos3.io put-object \
  --bucket my-first-bucket \
  --key test.txt \
  --sse-customer-algorithm AES256 \
  --sse-customer-key $key \
  --sse-customer-key-md5 $key_md5

You should now see the file in your bucket. Note that you cannot open encrypted items in the Cloud Panel.

  1. Now download the file again
aws s3api --endpoint=https://gos3.io get-object \
  --bucket my-first-bucket \
  --key test.txt \
  --sse-customer-algorithm AES256 \
  --sse-customer-key $key \
  --sse-customer-key-md5 $key_md5 test-

Important: Rename the file you want to download or the existing file will be overwritten.

  1. Verify that the download was successful

If everything works, the downloaded file should show up in your folder.