Documentation
¶
Overview ¶
Package sse provides server-side encryption helpers for object operations.
Package sse provides Server-Side Encryption (SSE) support for S3-compatible storage.
This package implements three SSE modes:
- SSE-S3: Server-managed encryption with AES-256
- SSE-C: Customer-provided encryption keys
- SSE-KMS: AWS Key Management Service (KMS) encryption
Index ¶
Constants ¶
This section is empty.
Variables ¶
var ( // ErrInvalidKeySize is returned when SSE-C key is not 256 bits (32 bytes) ErrInvalidKeySize = errors.New("sse: encryption key must be 256 bits (32 bytes)") // ErrNoEncryptionConfig is returned when no encryption configuration is found ErrNoEncryptionConfig = errors.New("sse: bucket has no encryption configuration") )
Functions ¶
This section is empty.
Types ¶
type ApplySSEByDefault ¶
type ApplySSEByDefault struct {
SSEAlgorithm string `xml:"SSEAlgorithm"` // AES256 or aws:kms
KMSMasterKeyID string `xml:"KMSMasterKeyID,omitempty"` // KMS key ID for aws:kms
}
ApplySSEByDefault specifies the default encryption settings
type C ¶ added in v1.0.5
C represents SSE-C encryption (customer-provided keys)
func (*C) ApplyCopyHeaders ¶ added in v1.0.5
ApplyCopyHeaders applies SSE-C headers for copy source
func (*C) ApplyHeaders ¶ added in v1.0.5
ApplyHeaders applies SSE-C headers to the request
type Configuration ¶
type Configuration struct {
XMLName xml.Name `xml:"ServerSideEncryptionConfiguration"`
Rules []Rule `xml:"Rule"`
}
Configuration represents bucket-level default encryption configuration
func NewConfiguration ¶ added in v1.0.5
func NewConfiguration() *Configuration
NewConfiguration creates a default SSE-S3 bucket encryption configuration
func NewKMSConfiguration ¶ added in v1.0.5
func NewKMSConfiguration(keyID string) *Configuration
NewKMSConfiguration creates an SSE-KMS bucket encryption configuration
type Encrypter ¶ added in v1.0.5
Encrypter is the interface that wraps the ApplyHeaders method.
ApplyHeaders applies the appropriate SSE headers to an HTTP request.
type KMS ¶ added in v1.0.5
KMS represents SSE-KMS encryption (AWS KMS-managed keys)
func (*KMS) ApplyHeaders ¶ added in v1.0.5
ApplyHeaders applies SSE-KMS headers to the request
type Rule ¶
type Rule struct {
ApplySSEByDefault ApplySSEByDefault `xml:"ApplyServerSideEncryptionByDefault"`
BucketKeyEnabled bool `xml:"BucketKeyEnabled,omitempty"`
}
Rule defines a server-side encryption rule
type S3 ¶ added in v1.0.5
type S3 struct{}
S3 represents SSE-S3 encryption (server-managed keys)
func (*S3) ApplyHeaders ¶ added in v1.0.5
ApplyHeaders applies SSE-S3 headers to the request
Source Files