Cyberduck Mountain Duck CLI

#9426 closed feature (fixed)

Option to use AWS KMS–Managed Keys (SSE-KMS) for server side encryption

Reported by: jmgtan Owned by: dkocher
Priority: normal Milestone: 5.0
Component: s3 Version: 4.9
Severity: normal Keywords: s3
Cc: Architecture: PPC


Add support for S3 SSE-KMS (see: This would enable users to input their KMS Key Id, and Cyberduck can send this key id as part of the upload request.

In the context of AWS CLI commands, you can check out this documentation:

You can specify the KMS Key Id by using --ssekms-key-id parameter.

Change History (4)

comment:1 Changed on Apr 8, 2016 at 6:45:29 AM by dkocher

  • Status changed from new to assigned

comment:2 Changed on Apr 22, 2016 at 11:51:05 AM by dkocher

  • Resolution set to fixed
  • Status changed from assigned to closed

In r20230. Currently there is no option to select a key but the default key configured in KMS.

comment:3 Changed on Apr 22, 2016 at 12:19:25 PM by dkocher

  • Summary changed from Add Support for S3 SSE-KMS to Option to use AWS KMS–Managed Keys (SSE-KMS) for server side encryption

We plan to add support to select specific keys to use per bucket in a later version.

comment:4 Changed on May 21, 2016 at 6:03:56 PM by dkocher

Allow selection of encrypstion keys managed in AWS-KMS in r20414.

Note: See TracTickets for help on using tickets.