Class S3EncryptionClientV2
- Aws\Crypto\AbstractCryptoClientV2
-
Aws\S3\Crypto\S3EncryptionClientV2
uses
Aws\Crypto\Cipher\CipherBuilderTrait,
Aws\S3\Crypto\CryptoParamsTraitV2,
Aws\Crypto\DecryptionTraitV2,
Aws\Crypto\EncryptionTraitV2,
Aws\S3\Crypto\UserAgentTrait
- Namespace: Aws\S3\Crypto
- Located at S3/Crypto/S3EncryptionClientV2.php
Provides a wrapper for an S3Client that supplies functionality to encrypt data on putObject[Async] calls and decrypt data on getObject[Async] calls.
AWS strongly recommends the upgrade to the S3EncryptionClientV2 (over the S3EncryptionClient), as it offers updated data security best practices to our customers who upgrade. S3EncryptionClientV2 contains breaking changes, so this will require planning by engineering teams to migrate. New workflows should just start with S3EncryptionClientV2.
Note that for PHP versions of < 7.1, this class uses an AES-GCM polyfill for encryption since there is no native PHP support. The performance for large inputs will be a lot slower than for PHP 7.1+, so upgrading older PHP version environments may be necessary to use this effectively.
Example write path:
use Aws\Crypto\KmsMaterialsProviderV2; use Aws\S3\Crypto\S3EncryptionClientV2; use Aws\S3\S3Client; $encryptionClient = new S3EncryptionClientV2( new S3Client([ 'region' => 'us-west-2', 'version' => 'latest' ]) ); $materialsProvider = new KmsMaterialsProviderV2( new KmsClient([ 'profile' => 'default', 'region' => 'us-east-1', 'version' => 'latest', ], 'your-kms-key-id' ); $encryptionClient->putObject([ '@MaterialsProvider' => $materialsProvider, '@CipherOptions' => [ 'Cipher' => 'gcm', 'KeySize' => 256, ], '@KmsEncryptionContext' => ['foo' => 'bar'], 'Bucket' => 'your-bucket', 'Key' => 'your-key', 'Body' => 'your-encrypted-data', ]);
Example read call (using objects from previous example):
$encryptionClient->getObject([ '@MaterialsProvider' => $materialsProvider, '@CipherOptions' => [ 'Cipher' => 'gcm', 'KeySize' => 256, ], 'Bucket' => 'your-bucket', 'Key' => 'your-key', ]);
Methods Summary
- __construct ( Aws\S3\S3Client $client, string|null $instructionFileSuffix = null )
-
putObjectAsync ( array $args )
Encrypts the data in the 'Body' field of $args and promises to upload it to the specified location on S3.
-
putObject ( array $args )
Encrypts the data in the 'Body' field of $args and uploads it to the specified location on S3.
-
getObjectAsync ( array $args )
Promises to retrieve an object from S3 and decrypt the data in the 'Body' field.
-
getObject ( array $args )
Retrieves an object from S3 and decrypts the data in the 'Body' field.
Methods inherited from Aws\Crypto\AbstractCryptoClientV2
decrypt(),
encrypt(),
isSupportedCipher()
Methods Details
__construct (
Aws\S3\S3Client
$client,
string|null
$instructionFileSuffix = null
)
Parameters
Aws\S3\S3Client |
$client | The S3Client to be used for true uploading and retrieving objects from S3 when using the encryption client. |
| string|null | $instructionFileSuffix = null | Suffix for a client wide default when using instruction files for metadata storage. |
GuzzleHttp\Promise\PromiseInterface
putObjectAsync (
array
$args
)
Encrypts the data in the 'Body' field of $args and promises to upload it to the specified location on S3.
Note that for PHP versions of < 7.1, this operation uses an AES-GCM polyfill for encryption since there is no native PHP support. The performance for large inputs will be a lot slower than for PHP 7.1+, so upgrading older PHP version environments may be necessary to use this effectively.
Parameters
| array | $args | Arguments for encrypting an object and uploading it to S3 via PutObject. The required configuration arguments are as follows:
The optional configuration arguments are as follows:
|
Returns
GuzzleHttp\Promise\PromiseInterface |
Exceptions
| InvalidArgumentException Thrown when arguments above are not passed or are passed incorrectly. |
Aws\Result
putObject (
array
$args
)
Encrypts the data in the 'Body' field of $args and uploads it to the specified location on S3.
Note that for PHP versions of < 7.1, this operation uses an AES-GCM polyfill for encryption since there is no native PHP support. The performance for large inputs will be a lot slower than for PHP 7.1+, so upgrading older PHP version environments may be necessary to use this effectively.
Parameters
| array | $args | Arguments for encrypting an object and uploading it to S3 via PutObject. The required configuration arguments are as follows:
The optional configuration arguments are as follows:
|
Returns
Aws\ResultPutObject call result with the details of uploading the encrypted file. |
Exceptions
| InvalidArgumentException Thrown when arguments above are not passed or are passed incorrectly. |
GuzzleHttp\Promise\PromiseInterface
getObjectAsync (
array
$args
)
Promises to retrieve an object from S3 and decrypt the data in the 'Body' field.
Parameters
| array | $args | Arguments for retrieving an object from S3 via GetObject and decrypting it. The required configuration argument is as follows:
The optional configuration arguments are as follows:
|
Returns
GuzzleHttp\Promise\PromiseInterface |
Exceptions
| InvalidArgumentException Thrown when required arguments are not passed or are passed incorrectly. |
Aws\Result
getObject (
array
$args
)
Retrieves an object from S3 and decrypts the data in the 'Body' field.
Parameters
| array | $args | Arguments for retrieving an object from S3 via GetObject and decrypting it. The required configuration argument is as follows:
The optional configuration arguments are as follows:
|
Returns
Aws\ResultGetObject call result with the 'Body' field wrapped in a decryption stream with its metadata information. |
Exceptions
| InvalidArgumentException Thrown when arguments above are not passed or are passed incorrectly. |
Constants summary
string |
CRYPTO_VERSION
|
#
'2.1'
|