New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Ignores upload encryption policy when creating a Cryptomator Vault. User unable to create vault in bucket requiring s3:x-amz-server-side-encryption": "AES256
#10488
Comments
Hi. This is not solved, yet. When using Cyberduck to create a vault, the encryption header is missing. The expected header is present in PUT requests for ordinary files / folders, though. I am using version Here is a log
|
Thanks for the detailed log. |
Still not fixed. The required header is missing from subsequent/sub-directories, still: Here's the creation of the root folder
And here's the
The The IAM policy that is applied to the bucket&object path requires that every call to s3 that involves writing bytes to an object must include the "store with AES key managed by KMS" header. For testing purposes, you can:
to reproduce / test. |
Hi there. It took a bit of testing to narrow this one down, but I believe you will be able to reproduce this issue pretty easily.
Me:
macOS 10.14 (18A391)
Cyberduck 6.7.0 (28613)
The issue:
I have an AWS user with Administrator privileges.
This user can create and upload files at will via either the AWS Web UI or CyberDuck.
This user is not able to create a new Cryptomator vault, using Cyberduck.
How to reproduce:
0. make sure the S3 > Encryption setting is set to
SS3-S3 (AES 256)
in CyberDuck settingsHere's the bucket policy i am using.
MY_BUCKET_NAME
replaces the actual bucket name.Here's the User policy I am using; this is akin to root level access
Here's the Log from Cyberduck when connecting to the S3 bookmark with the Admin account detailed above. I am browsing a few directories deep to the location where I would like to create the Cryptomator vault:
And here's me trying to create a
test-folder
. This action susceeds.And here's the log from trying to create a
test-vault
. I get this error in Cyberduck:And here's the connection log. I clicked
try again
once before clicking cancel:There is nothing particurally useful in
console.app
even after turning Cyberduck debugging mode on:As soon as i remove the bucket policy, i have no issues creating the vault.
It appears that Cyberduck is ignoring my settings for S3 uploads, under the
Encryption
heading.Please let me know what else you need from me in order to reproduce & fix.
Thank you
The text was updated successfully, but these errors were encountered: