Skip to content

Commit

Permalink
Support KMS encryption context for S3 transfer commands
Browse files Browse the repository at this point in the history
  • Loading branch information
@robbie-demuth
robbie-demuth committed Mar 20, 2024
1 parent 8280ef3 commit 848ca51
Show file tree
Hide file tree
Showing 2 changed files with 18 additions and 2 deletions.
16 changes: 15 additions & 1 deletion awscli/customizations/s3/subcommands.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -218,6 +218,19 @@
}


SSE_KMS_ENCRYPTION_CONTEXT = {
'name': 'sse-kms-encryption-context',
'help_text': (
'Specifies the Amazon Web Services KMS Encryption Context to use for'
'object encryption. The value of this header is a base64-encoded'
'UTF-8 string holding JSON with the encryption context key-value'
'pairs. This value is stored as object metadata and automatically'
'gets passed on to Amazon Web Services KMS for future GetObject or'
'CopyObject operations on this object.'
)
}


SSE_C_COPY_SOURCE = {
'name': 'sse-c-copy-source', 'nargs': '?',
'const': 'AES256', 'choices': ['AES256'],
Expand Down Expand Up @@ -432,7 +445,8 @@

TRANSFER_ARGS = [DRYRUN, QUIET, INCLUDE, EXCLUDE, ACL,
FOLLOW_SYMLINKS, NO_FOLLOW_SYMLINKS, NO_GUESS_MIME_TYPE,
SSE, SSE_C, SSE_C_KEY, SSE_KMS_KEY_ID, SSE_C_COPY_SOURCE,
SSE, SSE_C, SSE_C_KEY, SSE_KMS_KEY_ID,
SSE_KMS_ENCRYPTION_CONTEXT, SSE_C_COPY_SOURCE,
SSE_C_COPY_SOURCE_KEY, STORAGE_CLASS, GRANTS,
WEBSITE_REDIRECT, CONTENT_TYPE, CACHE_CONTROL,
CONTENT_DISPOSITION, CONTENT_ENCODING, CONTENT_LANGUAGE,
Expand Down
4 changes: 3 additions & 1 deletion awscli/customizations/s3/utils.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -601,8 +601,10 @@ def _set_metadata_directive_param(cls, request_params, cli_params):
def _set_sse_request_params(cls, request_params, cli_params):
if cli_params.get('sse'):
request_params['ServerSideEncryption'] = cli_params['sse']
if cli_params.get('sse_kms_key_id'):
if cli_params.get('sse_kms_key_id'):
request_params['SSEKMSKeyId'] = cli_params['sse_kms_key_id']
if cli_params.get('sse_kms_encryption_context'):
request_params['SSEKMSEncryptionContext'] = cli_params['sse_kms_encryption_context']

@classmethod
def _set_sse_c_request_params(cls, request_params, cli_params):
Expand Down

0 comments on commit 848ca51

Please sign in to comment.