AWS SDK for Ruby
Developer Guide

Decrypting an Amazon S3 Bucket Object with a Private Key

The following example uses the get_object method to get the object my_item from the bucket my_bucket in the us-west-2 region. Then it decrypts the contents with the PKey class.

Create the file decrypt_object_csepk.rb.

Add the required Amazon S3 and OpenSSL gems.


Version 2 of the AWS SDK for Ruby didn't have service-specific gems.

    require 'aws-sdk-s3'  # v2: require 'aws-sdk'
    require 'openssl'

Get the pass phrase from the command line.

    if ARGV.empty?
      puts 'You must supply a pass phrase'
      exit 1
    end

    pass_phrase = ARGV[0]

Set the bucket name, object name, and name of the private key file.

    bucket = 'my_bucket'
    item = 'my_item'
    key_file = 'private_key.pem'

Create an RSA key from the contents of the key file and passphrase.

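    # Read the PEM file as raw bytes, then decrypt it with the pass phrase
    private_key = File.binread(key_file)
    key = OpenSSL::PKey::RSA.new(private_key, pass_phrase)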

Create an Amazon S3 encryption client, call get_object, get the contents of the object as text and print out the object's contents.

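    # The encryption client decrypts the object client-side using the RSA key
    enc_client = Aws::S3::Encryption::Client.new(encryption_key: key)
    resp = enc_client.get_object(bucket: bucket, key: item)
    puts resp.body.read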

See the complete example on GitHub.
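
The key-loading step above is where a wrong pass phrase or a public-key-only PEM file shows up, so it is worth failing there with a clear message. The following is an added example, not part of the original guide or the AWS sample code: it reads the pass phrase from standard input instead of ARGV and validates the key. The helper names `read_pass_phrase`, `load_private_key` and `sample_encrypted_pem`, and the in-memory sample key, are assumptions made for illustration.

```ruby
require 'openssl'
require 'io/console'
require 'stringio'

# Hypothetical helper, not part of the AWS SDK: read the pass phrase from an
# IO instead of ARGV, so it never appears in the process list or shell history.
def read_pass_phrase(io = $stdin)
  line = io.tty? ? io.noecho(&:gets) : io.gets # no echo on a terminal
  pass = line.to_s.chomp
  raise ArgumentError, 'You must supply a pass phrase' if pass.empty?
  pass
end

# Hypothetical helper: load the RSA key and turn OpenSSL's low-level errors
# into one clear failure before any request is sent to Amazon S3.
def load_private_key(pem, pass_phrase)
  # A non-nil pass phrase keeps OpenSSL from prompting on the terminal itself.
  key = OpenSSL::PKey::RSA.new(pem, pass_phrase)
  raise ArgumentError, 'PEM contains only a public key' unless key.private?
  key
rescue OpenSSL::PKey::PKeyError
  raise ArgumentError, 'wrong pass phrase or not an RSA key in PEM format'
end

# Constructed sample: a throwaway key pair encrypted in memory, standing in
# for private_key.pem. Nothing is read from disk or sent over the network.
def sample_encrypted_pem(pass_phrase)
  OpenSSL::PKey::RSA.new(2048).export(OpenSSL::Cipher.new('aes-256-cbc'), pass_phrase)
end

if $PROGRAM_NAME == __FILE__
  pem = sample_encrypted_pem('constructed-pass-phrase')
  typed = StringIO.new("constructed-pass-phrase\n") # stands in for $stdin
  key = load_private_key(pem, read_pass_phrase(typed))
  puts "loaded #{key.n.num_bits}-bit private key"
  begin
    load_private_key(pem, 'not-the-pass-phrase')
  rescue ArgumentError => e
    puts "rejected: #{e.message}"
  end
end
```

The key returned by `load_private_key` can be passed as `encryption_key:` exactly as in the steps above.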