By using AWS re:Post, you agree to the Terms of Use
/AWS KMS keys for encrypting data before uploading to Amazon S3 Glacier/

AWS KMS keys for encrypting data before uploading to Amazon S3 Glacier


I'm required to use an AWS KMS key for encrypting data in Amazon S3 Glacier. However, the AWS KMS encryption with customer-owned keys isn't directly supported in S3 Glacier. I want to use client-side encryption of the data (and encrypt the data before uploading it to Amazon S3 Glacier). Can I use the AWS KMS key for client-side encryption (for data outside of AWS)? Or, do I have to use an AWS SDK to encrypt the data with an AWS KMS key?

1 Answers
Accepted Answer

You can use the Amazon S3 client-side encryption to encrypt the data before sending it to S3. Amazon S3 client-side encryption supports AWS KMS as the root key provider. However, it's recommended to use the AWS Encryption SDK as it offers more features while supporting AWS KMS.

To enable client-side encryption, you have the following options:

  • Use an AWS KMS key stored in AWS Key Management Service (AWS KMS).
  • Use a key that you store within your application.

For more information, you can also take a look at these AWS Blogs posts:

answered 2 years ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions