Documentation
Constants
const DefaultMinFileSize = 1024 * 512 * 5
DefaultMinFileSize is used to check whether we want to write to a temp file or store the data in memory.
const EncryptionContext = "EncryptionContext"
EncryptionContext is the key used to extract the Encryption Context to use on a per-request basis.
Variables
This section is empty.
Functions
This section is empty.
Types
type EncryptionClientOptions
type EncryptionClientOptions struct {
	// TempFolderPath is used to store temp files when calling PutObject
	// Temporary files are needed to compute the X-Amz-Content-Sha256 header
	TempFolderPath string
	// MinFileSize is the minimum size for the content to write to a
	// temporary file instead of using memory
	MinFileSize int64
	// The logger to write logging messages to
	Logger *log.Logger
	// The CryptographicMaterialsManager to use to manage encryption and decryption materials
	CryptographicMaterialsManager materials.CryptographicMaterialsManager
	// EnableLegacyUnauthenticatedModes MUST be set to true in order to decrypt objects encrypted
	// using legacy (unauthenticated) modes such as AES/CBC
	EnableLegacyUnauthenticatedModes bool
}
EncryptionClientOptions holds the configuration options for the S3 Encryption Client.
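Why decryption of legacy modes sits behind EnableLegacyUnauthenticatedModes: AES/CBC decrypts a modified ciphertext without reporting any error, while an authenticated mode such as AES-GCM rejects it. This is an added example, not code from this package; it uses only Go's standard crypto library, and the all-zero key, IV, nonce and the sample plaintext are constructed for the demonstration.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"fmt"
)

// Constructed demo inputs; all-zero key material is for illustration only.
var (
	key   = make([]byte, 32)
	iv    = make([]byte, aes.BlockSize)
	nonce = make([]byte, 12)
	plain = []byte("amount=0000100;to=alice;pad=0000") // 32 bytes, block aligned
)

// cbcAcceptsTampering encrypts with AES-CBC, changes one stored ciphertext
// bit, and reports whether decryption completes with different plaintext.
func cbcAcceptsTampering() bool {
	block, _ := aes.NewCipher(key)
	ct := make([]byte, len(plain))
	cipher.NewCBCEncrypter(block, iv).CryptBlocks(ct, plain)
	ct[0] ^= 0x01 // simulated modification of the stored object
	out := make([]byte, len(ct))
	cipher.NewCBCDecrypter(block, iv).CryptBlocks(out, ct)
	// CBC has no integrity check: no error is raised, the plaintext just differs.
	return !bytes.Equal(out, plain)
}

// gcmRejectsTampering repeats the test with AES-GCM and returns Open's error.
func gcmRejectsTampering() error {
	block, _ := aes.NewCipher(key)
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return err
	}
	ct := gcm.Seal(nil, nonce, plain, nil)
	ct[0] ^= 0x01
	_, err = gcm.Open(nil, nonce, ct, nil)
	return err // non-nil: the authentication tag no longer matches
}

func main() {
	fmt.Println("CBC accepted modified ciphertext:", cbcAcceptsTampering())
	fmt.Println("GCM result on modified ciphertext:", gcmRejectsTampering())
}
```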
type GetObjectAPIClient
type GetObjectAPIClient interface {
	GetObject(context.Context, *s3.GetObjectInput, ...func(*s3.Options)) (*s3.GetObjectOutput, error)
}
GetObjectAPIClient is a client that implements the GetObject operation.
type PutObjectAPIClient
type PutObjectAPIClient interface {
	PutObject(context.Context, *s3.PutObjectInput, ...func(*s3.Options)) (*s3.PutObjectOutput, error)
}
PutObjectAPIClient is a client that implements the PutObject operation.
type S3EncryptionClientV3
type S3EncryptionClientV3 struct {
	*s3.Client // promoted anonymous field, it allows this type to call s3 Client methods
	Options EncryptionClientOptions // options for encrypt/decrypt
}
S3EncryptionClientV3 provides client-side encryption for S3. The client embeds a default client to provide support for control plane operations which do not involve encryption.
func New
func New(s3Client *s3.Client, CryptographicMaterialsManager materials.CryptographicMaterialsManager, optFns ...func(options *EncryptionClientOptions)) (*S3EncryptionClientV3, error)
New creates a new S3 Encryption Client v3 with the given CryptographicMaterialsManager.
func (*S3EncryptionClientV3) GetObject
func (c *S3EncryptionClientV3) GetObject(ctx context.Context, input *s3.GetObjectInput, optFns ...func(*s3.Options)) (*s3.GetObjectOutput, error)
GetObject makes a request to S3, retrieves the object, and decrypts it in the process. The SDK only supports region reads of KMS and GCM.
func (*S3EncryptionClientV3) PutObject
func (c *S3EncryptionClientV3) PutObject(ctx context.Context, input *s3.PutObjectInput, optFns ...func(*s3.Options)) (*s3.PutObjectOutput, error)
PutObject encrypts the contents before sending the data to S3. Depending on MinFileSize, a temporary file may be used to buffer the encrypted contents.