Encryption on Amazon S3
By default, objects uploaded to S3 do not get encrypted by Amazon servers before being stored on disk.
Add the s3_server_side_encryption option to enable server-side encryption by Amazon servers before your objects are committed to disk.
    has_attached_file :file,
      s3_permissions: :private,
      s3_server_side_encryption: "AES256"
This makes Paperclip add the x-amz-server-side-encryption header to each upload, which triggers encryption by Amazon.
Keep in mind these options will have no effect if you use fog as your storage provider (even if you are using AWS as your fog provider). Check https://github.com/thoughtbot/paperclip/pull/1496 for more details.
Presumably, SSL is being used to encrypt data transferred between clients and servers.
However, if explicit client-side encryption is needed from your server to S3, an encryption pre-processor would be needed.
If explicit client-side encryption is needed from your client to your server, this must be handled outside the scope of Paperclip with a client-side encryption library.
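
For the server-to-S3 case above, the encryption step such a pre-processor would perform can be written with Ruby's OpenSSL bindings. This is an added example, not code from Paperclip: the UploadCrypto module, its "PC1" blob layout and the binding of the S3 object key as associated data are assumptions of the example, and hooking it into a Paperclip processor and storing the key are outside what it shows.

```ruby
require "openssl"
require "securerandom"

# Added example. Blob layout (an assumption of this example, not a Paperclip
# format): "PC1" magic | 12-byte nonce | 16-byte GCM tag | ciphertext
module UploadCrypto
  MAGIC = "PC1".b
  NONCE_LEN = 12
  TAG_LEN = 16
  HEADER_LEN = MAGIC.bytesize + NONCE_LEN + TAG_LEN

  # Encrypts file bytes with AES-256-GCM before they leave the server.
  # object_key (the S3 key the object is stored under) is bound as associated
  # data, so a blob copied to another key fails authentication.
  def self.encrypt(plaintext, key, object_key)
    cipher = OpenSSL::Cipher.new("aes-256-gcm").encrypt
    cipher.key = key                               # must be 32 bytes
    nonce = SecureRandom.random_bytes(NONCE_LEN)   # fresh for every object
    cipher.iv = nonce
    cipher.auth_data = object_key
    ciphertext = run(cipher, plaintext)
    MAGIC + nonce + cipher.auth_tag(TAG_LEN) + ciphertext
  end

  # Reverses encrypt. Raises OpenSSL::Cipher::CipherError if the blob, the
  # key, or the object key does not match what was encrypted.
  def self.decrypt(blob, key, object_key)
    blob = blob.b
    unless blob.bytesize >= HEADER_LEN && blob.start_with?(MAGIC)
      raise ArgumentError, "not an encrypted upload"
    end
    cipher = OpenSSL::Cipher.new("aes-256-gcm").decrypt
    cipher.key = key
    cipher.iv = blob.byteslice(MAGIC.bytesize, NONCE_LEN)
    cipher.auth_tag = blob.byteslice(MAGIC.bytesize + NONCE_LEN, TAG_LEN)
    cipher.auth_data = object_key
    run(cipher, blob.byteslice(HEADER_LEN, blob.bytesize - HEADER_LEN))
  end

  # Cipher#update rejects empty input, so empty files go straight to final.
  def self.run(cipher, data)
    (data.empty? ? "".b : cipher.update(data)) + cipher.final
  end
  private_class_method :run
end
```

With this in place S3 only ever stores ciphertext, and the s3_server_side_encryption option can still be enabled on top of it.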