Amazon S3 KMS Upload in Java SDK
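I am trying to upload a file using a multipart upload with Amazon S3 server-side encryption (KMS). I am a bit confused about whether I actually need to use the KMS key anywhere in my code, and if so, how do I add it to the Java code?
--Update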
    private static void saveMultipartData(String clientRegion, String bucketName, String awsFilePath, File file) {
        // "credentials" is an AWSCredentials value defined elsewhere in the class.
        AmazonS3 s3client = AmazonS3Client.builder()
                .withRegion(clientRegion)
                .withCredentials(new AWSStaticCredentialsProvider(credentials))
                .build();
        ObjectMetadata objectMetadata = new ObjectMetadata();
        PutObjectRequest putRequest = null;
        try {
            try {
                putRequest = new PutObjectRequest(bucketName,
                        awsFilePath,
                        new FileInputStream(file),
                        objectMetadata);
            } catch (FileNotFoundException e) {
                e.printStackTrace();
            }
            // Upload the object and check its encryption status.
            putRequest.putCustomRequestHeader("x-amz-server-side-encryption", "aws:kms");
            putRequest.putCustomRequestHeader("x-amz-server-side-encryption-aws-kms-key-id", "<<keyID>>");
            TransferManager tm = TransferManagerBuilder.standard()
                    .withMinimumUploadPartSize(100L)
                    .withMultipartUploadThreshold(100L)
                    .withS3Client(s3client)
                    .build();
            Upload upload = tm.upload(putRequest);
            upload.waitForCompletion();
        } catch (Exception e) {
            e.printStackTrace();
        }
    }
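While you do not need the KMS key in your code, your code does need to be able to access the key. By that I mean, for example, that you use an environment variable to pass this value in, so that the key is hidden. Once you have the key, you can do a multipart upload like this: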
    InitiateMultipartUploadRequest initRequest = new InitiateMultipartUploadRequest(bucketName, keyName);
    initRequest.putCustomRequestHeader("x-amz-server-side-encryption", "aws:kms");
    initRequest.putCustomRequestHeader("x-amz-server-side-encryption-aws-kms-key-id", kmsKey);
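The approach from the answer above, written out as an added example (not code from the question or the answer) for the AWS SDK for Java 1.x: the key identifier comes from an environment variable, is attached through the SDK's typed `SSEAwsKeyManagementParams` instead of raw headers, and the stored object's encryption is read back after the multipart upload. The variable name `S3_KMS_KEY_ID`, the class and method names, and the use of the default credentials chain are assumptions made for this example.

```java
import com.amazonaws.services.s3.AmazonS3;
import com.amazonaws.services.s3.AmazonS3ClientBuilder;
import com.amazonaws.services.s3.model.ObjectMetadata;
import com.amazonaws.services.s3.model.PutObjectRequest;
import com.amazonaws.services.s3.model.SSEAlgorithm;
import com.amazonaws.services.s3.model.SSEAwsKeyManagementParams;
import com.amazonaws.services.s3.transfer.TransferManager;
import com.amazonaws.services.s3.transfer.TransferManagerBuilder;
import java.io.File;

public class KmsMultipartUpload {
    // Hypothetical variable name; it holds a KMS key ID, ARN or alias, never key material.
    static final String KEY_ENV = "S3_KMS_KEY_ID";

    static String uploadEncrypted(AmazonS3 s3, String bucket, String objectKey, File file)
            throws InterruptedException {
        String kmsKeyId = System.getenv(KEY_ENV);
        if (kmsKeyId == null || kmsKeyId.isEmpty()) {
            throw new IllegalStateException(KEY_ENV + " is not set; refusing to upload without an explicit KMS key");
        }
        // Passing a File (not a stream) tells TransferManager the length so it can split parts.
        PutObjectRequest put = new PutObjectRequest(bucket, objectKey, file)
                .withSSEAwsKeyManagementParams(new SSEAwsKeyManagementParams(kmsKeyId));
        TransferManager tm = TransferManagerBuilder.standard()
                .withS3Client(s3)
                .withMultipartUploadThreshold(16L * 1024 * 1024)
                .withMinimumUploadPartSize(8L * 1024 * 1024) // S3 parts must be >= 5 MiB except the last
                .build();
        try {
            // TransferManager copies the SSE-KMS settings onto the initiate-multipart request.
            tm.upload(put).waitForCompletion();
        } finally {
            tm.shutdownNow(false); // keep the caller's S3 client open
        }
        // Read back what S3 recorded instead of trusting the request.
        ObjectMetadata stored = s3.getObjectMetadata(bucket, objectKey);
        if (!SSEAlgorithm.KMS.getAlgorithm().equals(stored.getSSEAlgorithm())) {
            throw new IllegalStateException("object stored with SSE algorithm: " + stored.getSSEAlgorithm());
        }
        return stored.getSSEAwsKmsKeyId(); // S3 reports the key ARN, even if an ID or alias was sent
    }

    public static void main(String[] args) throws Exception {
        // args: region bucket objectKey localFile; credentials come from the default provider chain
        AmazonS3 s3 = AmazonS3ClientBuilder.standard().withRegion(args[0]).build();
        System.out.println("encrypted with " + uploadEncrypted(s3, args[1], args[2], new File(args[3])));
    }
}
```

The calling identity needs `kms:GenerateDataKey` and `kms:Decrypt` on the key for an SSE-KMS multipart upload to complete.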