Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

state/remote/s3: Allows KMS Key Encryption setting when using S3 backend with encrypt #2903

Merged
merged 3 commits into from
Jan 20, 2016
Merged

state/remote/s3: Allows KMS Key Encryption setting when using S3 backend with encrypt #2903

Changes from all commits
Commits
Show all changes
3 commits
Select commit Hold shift + click to select a range
ba8f1fa
Add support S3 server side encryption with KMS.
kjmkznr Jul 31, 2015
576b2d1
Change KMS Key ID configuration name to used in other
kjmkznr Oct 7, 2015
9186c29
Fix typo
kjmkznr Oct 7, 2015
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
10 changes: 9 additions & 1 deletion state/remote/s3.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -50,6 +50,7 @@ func s3Factory(conf map[string]string) (Client, error) {
if raw, ok := conf["acl"]; ok {
acl = raw
}
kmsKeyID := conf["kms_key_id"]

accessKeyId := conf["access_key"]
secretAccessKey := conf["secret_key"]
Expand Down Expand Up @@ -84,6 +85,7 @@ func s3Factory(conf map[string]string) (Client, error) {
keyName: keyName,
serverSideEncryption: serverSideEncryption,
acl: acl,
kmsKeyID: kmsKeyID,
}, nil
}

Expand All @@ -93,6 +95,7 @@ type S3Client struct {
keyName string
serverSideEncryption bool
acl string
kmsKeyID string
}

func (c *S3Client) Get() (*Payload, error) {
Expand Down Expand Up @@ -145,7 +148,12 @@ func (c *S3Client) Put(data []byte) error {
}

if c.serverSideEncryption {
i.ServerSideEncryption = aws.String("AES256")
if c.kmsKeyID != "" {
i.SSEKMSKeyId = &c.kmsKeyID
i.ServerSideEncryption = aws.String("aws:kms")
} else {
i.ServerSideEncryption = aws.String("AES256")
}
}

if c.acl != "" {
Expand Down