O'Reilly logo

Amazon S3 Cookbook by Naoya Hashimoto

Stay ahead with the world's most comprehensive technology and business learning platform.

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, tutorials, and more.

Start Free Trial

No credit card required

How to protect data using client-side encryption

To protect data using client-side encryption with AWS KMS-managed Customer Master Key (CMK) and client-side master key, you can specify client-side encryption using AWS SDKs. You can choose two options to manage the encryption keys:

When using client-side encryption, AWS SDKs use Amazon S3 encryption client to encrypt data and the data is encrypted before sending to the S3 bucket. Amazon S3 just receives encrypted data and does not encrypt or decrypt the data. Client-side encryption has two options for using encryption keys.

AWS KMS-managed customer master key (CMK)

When using the Amazon S3 encryption client in the AWS SDK, the client calls AWS KMS to verify that the user is allowed to use the customer ...

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, interactive tutorials, and more.

Start Free Trial

No credit card required