Amazon S3 Server-Side Encryption using GSUtil

If you would like to enable server-side encryption which is a relatively new feature for your Amazon S3 data using GSUtil then you need specify the header value when pushing files to their cloud.

$ gsutil -h "x-amz-server-side-encryption: AES256" cp /backups/files* s3://bucket

Note that server-side encryption protects your data at rest and that Amazon is managing the keys on your behalf by default, see post here. A better practice is to provide the encryption and decryption before and after you send and receive your data from S3.

This entry was posted in security and tagged , , . Bookmark the permalink.

Leave a Reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>