From 3d9e73d1e2d3fc30c7be65b6755e76c7702ae5b4 Mon Sep 17 00:00:00 2001
From: matejnedic
Date: Thu, 19 Sep 2024 16:44:25 +0200
Subject: [PATCH] Add docs
---
 docs/src/main/asciidoc/s3.adoc | 72 ++++++++++++++++++++++++++++++++++
 1 file changed, 72 insertions(+)
diff --git a/docs/src/main/asciidoc/s3.adoc b/docs/src/main/asciidoc/s3.adoc
index 8a7df66a7..168e72a29 100644
--- a/docs/src/main/asciidoc/s3.adoc
+++ b/docs/src/main/asciidoc/s3.adoc
@@ -127,6 +127,78 @@ try (OutputStream outputStream = s3Resource.getOutputStream()) { } ---- +=== S3 Client Side Encryption + +AWS offers encryption library which is integrated inside of S3 Client called https://docs.aws.amazon.com/amazon-s3-encryption-client/latest/developerguide/what-is-s3-encryption-client.html [S3EncryptionClient]. +With encryption client you are going to encrypt your files before sending them to S3 bucket. + +To autoconfigure Encryption Client simply add the following dependency. + +[source,xml] +---- + + software.amazon.encryption.s3 + amazon-s3-encryption-client-java + +---- + +We are supporting 3 types of encryption. + +1. To configure encryption via KMS key specify 'spring.cloud.aws.s3.encryption.keyId' with KMS key arn and this key will be used to encrypt your files. + +2. Asymmetric encryption is possible via RSA to enable it you will have to implement 'io.awspring.cloud.autoconfigure.s3.S3RsaProvider' + +!Note you will have to manage storing private and public keys yourself otherwise you won't be able to decrypt the data later. +Example of simple RSAProvider: + +[source,java,indent=0] +---- +import io.awspring.cloud.autoconfigure.s3.S3RsaProvider; +import java.security.KeyPair; +import java.security.KeyPairGenerator; + +public class MyRsaProvider implements S3RsaProvider { + @Override + public KeyPair generateKeyPair() { + try { + KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("RSA"); + keyPairGenerator.initialize(2048); + return keyPairGenerator.generateKeyPair(); + } + catch (Exception e) { + return null; + } + } +} +---- + +3. Last option is if you want to use symmetric algorithm, this is possible via `io.awspring.cloud.autoconfigure.s3.S3AesProvider` + +!Note you will have to manage storing storing private key! 
+Example of simple AESProvider: + +[source,java,indent=0] +---- +import io.awspring.cloud.autoconfigure.s3.S3AesProvider; +import javax.crypto.KeyGenerator; +import javax.crypto.SecretKey; + +public class MyAesProvider implements S3AesProvider { + @Override + public SecretKey generateSecretKey() { + try { + KeyGenerator keyGenerator = KeyGenerator.getInstance("AES"); + keyGenerator.init(256); + return keyGenerator.generateKey(); + } + catch (Exception e) { + return null; + } + } +} +---- + + ==== S3 Output Stream Under the hood by default `S3Resource` uses a `io.awspring.cloud.s3.InMemoryBufferingS3OutputStream`. When data is written to the resource, is gets sent to S3 using multipart upload.
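Review bot: Both sample providers catch `Exception` and `return null`, so a failed key generation in `MyRsaProvider.generateKeyPair()` or `MyAesProvider.generateSecretKey()` is silently turned into a null key instead of failing at startup. Since readers will copy these snippets, I would narrow the catch to `NoSuchAlgorithmException` and rethrow with the cause, e.g. `throw new IllegalStateException("RSA KeyPairGenerator unavailable", e);`, and the same for AES. The examples also create a brand-new key on each call, which works against the "!Note" lines directly above them: unless the caller persists that key, objects encrypted with it presumably cannot be decrypted after a restart. A sentence under each example would cover this, such as `This provider generates a fresh key for illustration only; in a real application load the existing key from a keystore or secret store so previously encrypted objects stay readable.`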