AWS Developer Blog: Using Client-Side Encryption for Amazon S3 in the AWS SDK for PHP
On the AWS Developer blog they've posted a new tutorial showing you how to use client-side encryption in the AWS PHP SDK for interactions with the AWS S3 service.
The AWS SDK for PHP released an S3EncryptionClient in version 3.38.0. With client-side encryption, data is encrypted and decrypted directly in your environment. This means that this data is encrypted before it’s transferred to Amazon S3, and you don’t rely on an external service to handle encryption for you.The AWS SDK for PHP implements envelope encryption and uses OpenSSL for its encrypting and decrypting. The implementation is interoperable with other SDKs that match its feature support. It’s also compatible with the SDK’s promise-based asynchronous workflow.
The tutorial then walks you through the setup of a new S3EncryptionClient
instance and how to use the putObject
method to push the file contents up to S3 automagically using the encryption. It also includes a code example of pulling the file contents down and decrypting the contents via a getObject
call.