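Below is my code for uploading a file to S3 with KMS server-side encryption. However, I am getting the exception "Server Side Encryption with AWS KMS managed key requires HTTP header x-amz-server-side-encryption : aws:kms".
I am not sure where to put the header in the Java code that saves the file.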
    private static void saveServerSideEncryptedFileToAWS(String clientRegion, String bucketName, String awsFilePath, File file) {
        AmazonS3 s3client = AmazonS3Client.builder()
                .withRegion(clientRegion)
                .withCredentials(new AWSStaticCredentialsProvider(credentials))
                .build();
        ObjectMetadata objectMetadata = new ObjectMetadata();
        //objectMetadata.setHeader("x-amz-server-side-encryption" , "aws:kms");
        objectMetadata.setSSEAlgorithm(ObjectMetadata.AES_256_SERVER_SIDE_ENCRYPTION);
        PutObjectRequest putRequest = null;
        try {
            putRequest = new PutObjectRequest(bucketName,
                    awsFilePath,
                    new FileInputStream(file),
                    objectMetadata).withSSEAwsKeyManagementParams(new SSEAwsKeyManagementParams("arn:aws:kms:<<key>>"));
        } catch (FileNotFoundException e) {
            e.printStackTrace();
        }
        // Upload the object and check its encryption status.
        PutObjectResult putResult = s3client.putObject(putRequest);
        printEncryptionStatus(putResult);
    }
After some trial and error I found the answer:

    putRequest.putCustomRequestHeader("x-amz-server-side-encryption", "aws:kms");
To answer Balaji's question above about how to do the same thing in AWS SDK v2, you need to use the serverSideEncryption property on the PutObjectRequest object, i.e.
    final PutObjectRequest por = PutObjectRequest.builder()
            .bucket(bucketName)
            .key(key)
            .contentLength((long) contentLength)
            .ssekmsKeyId(kmsKey)
            .serverSideEncryption("aws:kms")
            .build();
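
An SDK v1 variant of the upload in the question, as an added example that is not part of the original posts: it leaves the AES256 algorithm off the metadata, lets `SSEAwsKeyManagementParams` request SSE-KMS, then reads the object metadata back and fails if the object was not stored under the expected key. It assumes the error came from combining the AES256 setting with a KMS key, that `kmsKeyArn` is a full key ARN (not an alias), and that credentials come from the default provider chain; the class and method names are hypothetical.

```java
import com.amazonaws.services.s3.AmazonS3;
import com.amazonaws.services.s3.AmazonS3ClientBuilder;
import com.amazonaws.services.s3.model.ObjectMetadata;
import com.amazonaws.services.s3.model.PutObjectRequest;
import com.amazonaws.services.s3.model.SSEAlgorithm;
import com.amazonaws.services.s3.model.SSEAwsKeyManagementParams;

import java.io.File;

// Hypothetical class name; added example, not code from the original posts.
public class SseKmsUpload {

    static void uploadWithSseKms(AmazonS3 s3, String bucket, String key,
                                 File file, String kmsKeyArn) {
        // No ObjectMetadata.setSSEAlgorithm(AES256) here: the KMS params alone
        // ask for SSE-KMS (assumption: mixing both caused the reported error).
        PutObjectRequest request = new PutObjectRequest(bucket, key, file)
                .withSSEAwsKeyManagementParams(new SSEAwsKeyManagementParams(kmsKeyArn));
        s3.putObject(request);

        // Read back what S3 actually stored instead of trusting the request.
        ObjectMetadata stored = s3.getObjectMetadata(bucket, key);
        String algorithm = stored.getSSEAlgorithm();
        String storedKeyId = stored.getSSEAwsKmsKeyId();

        if (!SSEAlgorithm.KMS.getAlgorithm().equals(algorithm)) {
            throw new IllegalStateException(
                    "Expected aws:kms but object is stored with: " + algorithm);
        }
        if (!kmsKeyArn.equals(storedKeyId)) {
            throw new IllegalStateException(
                    "Object encrypted under unexpected KMS key: " + storedKeyId);
        }
        System.out.println("Stored with " + algorithm + " under " + storedKeyId);
    }

    public static void main(String[] args) {
        // args: region, bucket, object key, local file path, KMS key ARN
        if (args.length != 5) {
            System.err.println("usage: SseKmsUpload <region> <bucket> <key> <file> <kmsKeyArn>");
            System.exit(2);
        }
        AmazonS3 s3 = AmazonS3ClientBuilder.standard().withRegion(args[0]).build();
        uploadWithSseKms(s3, args[1], args[2], new File(args[3]), args[4]);
    }
}
```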