S3 encryption header

[Christophe Pettus]

Is there a way of setting the S3 encryption header for WAL-E? My understanding is that to get S3 bucket encryption going, it has to be set on a per-request basis.

--
-- Christophe Pettus
x...@thebuild.com

[Daniel Farina]

On Tue, Dec 1, 2015 at 12:29 PM Christophe Pettus <x...@thebuild.com> wrote:

Is there a way of setting the S3 encryption header for WAL-E?  My understanding is that to get S3 bucket encryption going, it has to be set on a per-request basis.

I believe this has been the case for some time:

$ git describe 9b6ede3eee74b98bb6187377ed42dc0a54ce5459

v0.7.0-15-g9b6ede3

$ git branch --contains 9b6ede3eee74b98bb6187377ed42dc0a54ce5459 -r | fgrep v0.8

  wal-e/v0.8

$ git show 9b6ede3eee74b98bb6187377ed42dc0a54ce5459

commit 9b6ede3eee74b98bb6187377ed42dc0a54ce5459

Author: raananraz <raana...@gmail.com>

Date:   Mon May 5 11:16:13 2014 +0300

    Require use of S3 server side encryption

    

    So far, it does not appear as though it has any obvious performance or

    usability impacts.

diff --git a/wal_e/blobstore/s3/s3_util.py b/wal_e/blobstore/s3/s3_util.py

index 6828ec3..469d305 100644

--- a/wal_e/blobstore/s3/s3_util.py

+++ b/wal_e/blobstore/s3/s3_util.py

@@ -51,7 +51,7 @@ def uri_put_file(creds, uri, fp, content_encoding=None, conn=None):

     if content_encoding is not None:

         k.content_type = content_encoding

 

-    k.set_contents_from_file(fp)

+    k.set_contents_from_file(fp, encrypt_key=True)

     return k

[Christophe Pettus]

On Dec 1, 2015, at 1:40 PM, Daniel Farina <dan...@heroku.com> wrote:
> I believe this has been the case for some time:

Excellent, thanks!

[bi...@builtbykrit.com]

So WAL-E uses S3 bucker encryption by default?

[Daniel Farina]

On Thu, Jun 2, 2016 at 9:02 AM <bi...@builtbykrit.com> wrote:

So WAL-E uses S3 bucker encryption by default?

Yeah. It sets the header for the simplest form of that.