Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Missing x-amz-server-side-encryption header when creating folders #9378

Closed
cyberduck opened this issue Mar 22, 2016 · 5 comments
Closed

Missing x-amz-server-side-encryption header when creating folders #9378

cyberduck opened this issue Mar 22, 2016 · 5 comments
Assignees
@dkocher
Labels
bug fixed s3 AWS S3 Protocol Implementation
Milestone
6.2

Comments

@cyberduck
Copy link
Collaborator

bc6d0fa created the issue

Steps to replicate:

  1. Create a new bucket and apply the bucket policy from this page: http://docs.aws.amazon.com/AmazonS3/latest/dev/UsingServerSideEncryption.html
  2. Connect using Cyberduck and enable server side encryption in the preferences.
  3. Try to upload a normal file and it should work.
  4. Create a new folder and it would fail.

Creating a new folder via the AWS CLI works:

aws s3api put-object --server-side-encryption AES256 --key test/ --bucket

Setting the s3.metadata.default to include the encryption header doesn't work either. It seems like creating a new folder doesn't include the x-amz-server-side-encryption header.
@cyberduck
Copy link
Collaborator Author

@dkocher commented

In 4e5aba2.

@cyberduck
Copy link
Collaborator Author

@dkocher commented

We use the following bucket policy for testing

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "DenyIncorrectEncryptionHeader",
            "Effect": "Deny",
            "Principal": "*",
            "Action": "s3:PutObject",
            "Resource": "arn:aws:s3:::test-eu-central-1-sse/*",
            "Condition": {
                "StringNotEquals": {
                    "s3:x-amz-server-side-encryption": "AES256"
                }
            }
        },
        {
            "Sid": "DenyUnEncryptedObjectUploads",
            "Effect": "Deny",
            "Principal": "*",
            "Action": "s3:PutObject",
            "Resource": "arn:aws:s3:::test-eu-central-1-sse/*",
            "Condition": {
                "Null": {
                    "s3:x-amz-server-side-encryption": "true"
                }
            }
        }
    ]
}

@cyberduck
Copy link
Collaborator Author

@dkocher commented

In 95e6c76.

@cyberduck
Copy link
Collaborator Author

@dkocher commented

In 7fea217.

@cyberduck
Copy link
Collaborator Author

@dkocher commented

Milestone renamed

@iterate-ch iterate-ch locked as resolved and limited conversation to collaborators Nov 26, 2021
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees

@dkocher dkocher

Labels
bug fixed s3 AWS S3 Protocol Implementation
Projects
None yet
Milestone
6.2
Development

No branches or pull requests
2 participants
@dkocher @cyberduck