Fail to upload file encrypted with KMS key, but works on the download #61

Open
bailejl opened this issue Dec 1, 2016 · 7 comments

@bailejl

bailejl commented Dec 1, 2016

When trying to put a file to an S3 bucket, it fails. The S3 bucket is private with versioning on. The file is using a KMS key to secure it. When I use a get to pull the file from the S3 bucket it works as planned, but when I do a put it fails with this error:

error running command: InvalidArgument: Server Side Encryption with AWS KMS managed key requires HTTP header x-amz-server-side-encryption : aws:kms
	status code: 400, request id: 04541E0A8076886F

Any help is appreciated.

@concourse-bot
Collaborator

concourse-bot commented Dec 1, 2016

Hi there!

We use Pivotal Tracker to provide visibility into what our team is working on. A story for this issue has been automatically created.

The current status is as follows:

  • #135354803 Fail to upload file encrypted with KMS key, but works on the download

This comment, as well as the labels on the issue, will be automatically updated as the status in Tracker changes.

@pms1969

pms1969 commented Apr 25, 2017

Bump. Running into the exact same put problem.

Any progress?

@vito vito removed the unscheduled label May 9, 2017
@mariash mariash added this to the Help Wanted milestone Jun 16, 2017
@jtarchie jtarchie added the bug label Jul 26, 2017
@jtarchie
Contributor

@bailejl && @pms1969: It looks like the value is not being passed for the encryption. I'd accept a PR with that change.

@pms1969

pms1969 commented Aug 31, 2017

IIRC, the workaround for me was not to specify the key (it was the default anyway). But it was a while ago now, so that could be complete waffle.

I'll try and replicate it again, and produce a PR.

@vito vito removed this from the Help Wanted milestone Nov 29, 2017
robertgruber added a commit to ONSdigital/paas-bootstrap that referenced this issue May 4, 2018
This is to resolve a bug in Terraform that wants to read a default KMS key for S3 when creating an object
even if it's not used for encryption.
concourse/s3-resource#61

[#157117580]
@geofffranks

Ran into this today with our private KMS encrypted bucket trying to put a blob up to it. No combination of setting server_side_encryption: aws:kms, sse_kms_key_id: my-id, private: true and use_v2_signing: false was helping.

Happy to try to PR this, but not sure if the code linked above is still relevant to the problem. Any ideas @jtarchie / @vito ?

@geofffranks

Actually the error we're getting is slightly different:

error running command: InvalidArgument: Requests specifying Server Side Encryption with AWS KMS managed keys require AWS Signature Version 4.
	status code: 400, request id:, host id: 

@geofffranks

Does it just need something like https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/s3-example-presigned-urls.html implemented for the requests if use_v2_signing is disabled?
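
The two 400 responses quoted in this thread name two separate requirements for a PUT with SSE-KMS: the x-amz-server-side-encryption: aws:kms header and AWS Signature Version 4. The Go check below is an added example, not code from concourse/s3-resource or from any commenter; CheckSSEKMSPut, sampleRequest, the bucket URL and the credential strings are hypothetical, and it assumes every PUT it sees is meant to be KMS-encrypted.

```go
package main

import (
	"fmt"
	"net/http"
	"strings"
)

const sigV4 = "AWS4-HMAC-SHA256"

// CheckSSEKMSPut (hypothetical helper) returns the reasons S3 would reject a
// PUT to a KMS-encrypted bucket, one per error message quoted in the thread.
func CheckSSEKMSPut(req *http.Request) []string {
	var problems []string
	if req.Method != http.MethodPut {
		return problems
	}
	// First error: the header x-amz-server-side-encryption must be aws:kms.
	if got := req.Header.Get("x-amz-server-side-encryption"); got != "aws:kms" {
		problems = append(problems, fmt.Sprintf("x-amz-server-side-encryption is %q, want \"aws:kms\"", got))
	}
	// Second error: SSE-KMS requires Signature Version 4, carried either in
	// the Authorization header or, for presigned URLs, in X-Amz-Algorithm.
	auth := req.Header.Get("Authorization")
	presigned := req.URL.Query().Get("X-Amz-Algorithm")
	if !strings.HasPrefix(auth, sigV4+" ") && presigned != sigV4 {
		problems = append(problems, "request is not signed with AWS Signature Version 4")
	}
	return problems
}

// sampleRequest builds a constructed PUT; bucket, key and credentials are placeholders.
func sampleRequest(sse, auth string) *http.Request {
	req, _ := http.NewRequest(http.MethodPut, "https://example-bucket.s3.amazonaws.com/blob.tgz", nil)
	if sse != "" {
		req.Header.Set("x-amz-server-side-encryption", sse)
	}
	req.Header.Set("Authorization", auth)
	return req
}

func main() {
	v4 := sigV4 + " Credential=EXAMPLEKEYID/20170101/us-east-1/s3/aws4_request, SignedHeaders=host, Signature=00"
	fmt.Println(CheckSSEKMSPut(sampleRequest("", v4)))                                // missing SSE header
	fmt.Println(CheckSSEKMSPut(sampleRequest("aws:kms", "AWS EXAMPLEKEYID:c2ln")))    // SigV2-style Authorization
	fmt.Println(CheckSSEKMSPut(sampleRequest("aws:kms", v4)))                         // passes both checks
}
```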
