Server Side Encryption with KMS managed key requires HTTP header x-amz-server-side-encryption #666

Closed
cory-weiner opened this issue Feb 11, 2019 · 4 comments
Labels
digitalocean Digital Ocean Spaces s3boto


@cory-weiner

I am trying to set up server side encryption on my Django app for file uploads. I am using S3Boto3Storage. I can't find clear documentation on how to implement server side encryption, and when trying to upload my file, I get the following error:

An error occurred (InvalidArgument) when calling the PutObject operation: Server Side Encryption with KMS managed key requires HTTP header x-amz-server-side-encryption : aws:kms

Here is what my settings look like:

AWS_ACCESS_KEY_ID = 'XXXX'
AWS_SECRET_ACCESS_KEY = 'XXXX'
AWS_STORAGE_BUCKET_NAME = 'tickets'
AWS_S3_ENDPOINT_URL = 'https://sfo2.digitaloceanspaces.com'
AWS_S3_FILE_OVERWRITE = False
AWS_S3_OBJECT_PARAMETERS = {
    'CacheControl': 'max-age=86400',
}
AWS_LOCATION = ''
AWS_DEFAULT_ACL = None
AWS_S3_ENCRYPTION = True

STATIC_URL = 'https://%s/%s/' % (AWS_S3_ENDPOINT_URL, AWS_LOCATION)
STATICFILES_STORAGE = 'storages.backends.s3boto3.S3Boto3Storage'
DEFAULT_FILE_STORAGE = 'storages.backends.s3boto3.S3Boto3Storage'
@cory-weiner
Author

I did manage to figure out saving the file to S3 (digitalocean) by adding some additional params:

AWS_S3_OBJECT_PARAMETERS = {
    'CacheControl': 'max-age=86400',
    "SSECustomerAlgorithm":'AES256',
    "SSECustomerKey":'at1TMx82nEy7SoAK8jHYanMQDVZMSLayXaaUvTc6CP0=',
    "SSECustomerKeyMD5":'LWkBoT3psNdTYez70TVHUQ==',
}

However, when I try to access the file using .open() I get the following:

botocore.exceptions.ClientError: An error occurred (400) when calling the HeadObject operation: Bad Request

@sww314 sww314 added digitalocean Digital Ocean Spaces s3boto labels May 13, 2019
@denisvlr

I ran into the same issue (writing works, reading does not). I'm on AWS so I don't think it's specific to Digital Ocean. Did you find a solution @cory-weiner?

If I use boto3 directly it works:

import boto3
s3 = boto3.client('s3')
s3.get_object(Bucket=BUCKET,
    Key=path,
    SSECustomerKey=secret_key,
    SSECustomerAlgorithm='AES256')

So the issue seems to be in django-storages.
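Added example, not part of the original thread or of django-storages: a standard-library sketch of how the three SSE-C values seen in the settings above derive from one raw 32-byte key, and a check that a read request (HeadObject, GetObject) carries the same three values as the write. The environment variable name `SSE_C_KEY_B64`, the helper names and the object key `a.pdf` are assumptions made for this illustration.

```python
import base64
import hashlib
import os

SSE_C_FIELDS = ("SSECustomerAlgorithm", "SSECustomerKey", "SSECustomerKeyMD5")


def load_raw_key(env_var="SSE_C_KEY_B64"):
    """Read the base64 key from the environment (variable name is an assumption)."""
    return base64.b64decode(os.environ[env_var], validate=True)


def sse_c_params(raw_key):
    """Derive the SSE-C triple, in the same shape as the settings in this thread."""
    if len(raw_key) != 32:  # AES256 needs a 256-bit key
        raise ValueError("SSE-C key must be exactly 32 bytes, got %d" % len(raw_key))
    digest = hashlib.md5(raw_key).digest()  # integrity check of the key, not a secret
    return {
        "SSECustomerAlgorithm": "AES256",
        "SSECustomerKey": base64.b64encode(raw_key).decode("ascii"),
        "SSECustomerKeyMD5": base64.b64encode(digest).decode("ascii"),
    }


def request_kwargs(bucket, key, params, **extra):
    """Keyword arguments usable for put_object, head_object and get_object alike."""
    return {"Bucket": bucket, "Key": key, **params, **extra}


def missing_sse_c(kwargs):
    """SSE-C fields absent from a request; S3 rejects reads of SSE-C objects without them."""
    return [name for name in SSE_C_FIELDS if name not in kwargs]


if __name__ == "__main__":
    raw = bytes(range(32))  # constructed sample key; a real key comes from load_raw_key()
    params = sse_c_params(raw)
    write = request_kwargs("tickets", "a.pdf", params, Body=b"data")
    bare_read = {"Bucket": "tickets", "Key": "a.pdf"}  # a read built without SSE-C
    print("write is missing:", missing_sse_c(write))
    print("bare read is missing:", missing_sse_c(bare_read))
```

Reading the key through `load_raw_key()` keeps it out of the settings file; the dictionary returned by `sse_c_params()` has the same three names as the entries added to `AWS_S3_OBJECT_PARAMETERS` above.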

@jschneier
Owner

I think this is a dupe of #879.

@jschneier
Owner

Dupe #879
