Menu
Amazon Simple Storage Service
Developer Guide (API Version 2006-03-01)

Specifying Server-Side Encryption Using the AWS SDK for Ruby

When using the AWS SDK for Ruby to upload an object, you can specify that the object be stored encrypted at rest with server-side encryption (SSE). When you read the object back, it is automatically decrypted.

The following AWS SDK for Ruby – Version 2 sample demonstrates how to specify that a file uploaded to Amazon S3 be encrypted at rest.

Copy
require 'aws-sdk' s3 = Aws::S3::Resource.new(region:'us-west-2') obj = s3.bucket('my-bucket').object('key') obj.upload_file('local/path/to/file', :server_side_encryption => 'AES256')

For a sample that shows how to upload an object without SSE, see Upload an Object Using the AWS SDK for Ruby.

Determining the Encryption Algorithm Used

The following code sample demonstrates how to determine the encryption state of an existing object.

Copy
# Determine server-side encryption of an object. require 'aws-sdk' s3 = Aws::S3::Resource.new(region:'us-west-2') enc = obj = s3.bucket('bucket-name').object('key').server_side_encryption enc_state = (enc != nil) ? enc : "not set" puts "Encryption state is #{enc_state}."

If server-side encryption is not used for the object that is stored in Amazon S3, the method returns null.

Changing Server-Side Encryption of an Existing Object (Copy Operation)

To change the encryption state of an existing object, make a copy of the object and delete the source object. The Ruby API S3Object class has #copy_from and #copy_to methods that you can use to copy objects. Note that, by default, the copy methods will not encrypt the target, unless you explicitly request server-side encryption.  You can request the encryption of the target object by specifying the server_side_encryption value in the options hash argument as shown in the following Ruby code sample. The code sample demonstrates how to use the #copy_to method.

Copy
require 'aws-sdk' s3 = Aws::S3::Resource.new(region:'us-west-2') bucket1 = s3.bucket('source-bucket-name') bucket2 = s3.bucket('target-bucket-name') obj1 = bucket1.object('key') obj2 = bucket2.object('key') obj1.copy_to(obj2, :server_side_encryption => 'AES256')

For a sample of how to copy an object without encryption, see Copy an Object Using the AWS SDK for Ruby.