Java Code to Encrypt Upload a File to S3
Upload and download encrypted files in your Node App with AWS S3
NodeJS apps use S3 buckets for uploading, downloading, and deleting files. Encryption is a very important part of file upload. AWS envelope encryption using a KMS key makes sure that data is safe at rest. This article mainly focuses on uploading files to an S3 bucket with encrypted content.
Steps to upload and download encrypted files in AWS S3:
- Creating an S3 bucket and folder using the AWS console. Creating a folder within the bucket and giving it an access policy. (Creation of the user, user group and user pool id is not covered, since it is another topic and will be covered in another article.)
- Creating KMS keys using the AWS console. KMS keys are very important and required for the encryption of file content.
- Uploading and downloading encrypted files using KMS keys in NodeJS.
AWS Console
- Creating an S3 bucket and folder using the AWS panel: Create a login in the AWS console. Go to AWS services and select S3 in the AWS console.
Create a new S3 bucket and choose the region.
Block public access
Create a folder and choose the encryption type; we have chosen AES-256 in this example.
2. Creating KMS keys using the AWS console:
Now create a user using the AWS IAM user panel. Choose programmatic access to generate access keys. Once the user is created and the user pool is set up, generate the KMS keys using the AWS KMS panel.
- For Region, select the appropriate AWS Region. Do not use the region selector in the navigation bar (top right corner).
- Select to generate CMK keys (customer master keys). Type an alias for the CMK. An alias cannot begin with AWS. Aliases that begin with AWS are reserved by Amazon Web Services to represent AWS-managed CMKs in your account.
- An alias is a display name that you can use to identify the CMK. The recommended setting is to choose an alias that indicates the type of data you plan to protect or the application you plan to use with the CMK. The description is optional, but it is good to have one. The description should have information on the encryption type and the application for which this key is used.
- Click next and type a tag key and an optional tag value. To add more than one tag to the CMK, choose Add tag. Tagging is always optional. Select the IAM users and roles that can administer the CMK.
- The AWS account (root user) has full permissions by default. As a result, any IAM users and roles whose attached policies allow the appropriate permissions can also administer the CMK. To prevent the IAM users and roles that you chose in the previous step from deleting this CMK, clear the box at the bottom of the page for Allow key administrators to delete this key.
- The next step is to select the IAM users and roles that can use the CMK to encrypt and decrypt data with the AWS KMS API.
- The AWS account (root user) has full permissions by default. As a result, any IAM users and roles whose attached policies allow the appropriate permissions can also use the CMK.
- This is an optional step where you can use the controls at the bottom of the page to specify other AWS accounts that can use this CMK to encrypt and decrypt data. To do so, choose Add an External Account and then type the intended AWS account ID. Repeat as necessary to add more than one external account.
- Administrators of the external accounts must also allow access to the CMK by creating IAM policies for their users. For more information, see Allowing External AWS Accounts to Access a CMK. Now choose next and finish the key creation step.
Our S3 bucket folder is ready. We also created users, user pool id, and CMK keys for envelope encryption.
3. Uploading and downloading encrypted files using KMS keys in Node
- Install the AWS SDK dependency and file encryptor module
# Install aws sdk and file encryptor module
npm install aws-sdk
npm install file-encryptor
npm install file-system --save
- The AWS SDK and file encryptor module will be available for NodeJS
// to encrypt files
var encryptor = require('file-encryptor');
// to read the file
var fs = require('fs');
// to upload, delete and download from s3 bucket
var AWS = require('aws-sdk/dist/aws-sdk-react-native');
- As the dependencies are ready, create aws-sdk.config.json in the source folder of the node application. Caution: do not create aws-sdk.config.json in the root directory, because once you run the docker command, docker will not include the root directory configuration file.
- We are only keeping region details here in this configuration. Other keys are passed from the command line or dot-env file.
- Now create an encryption.js file in utils and use the following code for encryption and decryption. This file will encrypt and decrypt S3 bucket content before uploading and downloading.
- Create a file upload.js that is responsible for uploading the file to the S3 bucket. This file will use the above encryption.js file to encrypt and decrypt content.
In line 2, we are loading the AWS SDK and checking the region. In line 16, export.putObject is calling the encryption.js file, encrypting the data, and uploading it to the S3 bucket.
Next, write the final function to upload a file to the S3 bucket, uploadFilesins3BucketHandler. This function uses the node fs module to read the file. See the code block below.
Next, we will download the file. For downloading, first we need to decrypt using the same cipher setting.
Deleting a file is very simple; just pass the bucket and file details.
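The encrypt-before-upload and decrypt-after-download flow described in the steps above, as an added example that is not the original article's encryption.js. It runs offline with Node's built-in crypto module; a local AES key stands in for the KMS CMK (an assumption: in AWS the data key would come from KMS GenerateDataKey and be unwrapped with KMS Decrypt), and the function names and the `x-wrapped-key` metadata name are hypothetical.

```javascript
// Added example: envelope encryption round trip using only Node's crypto module.
const crypto = require('crypto');

// Stand-in for the KMS CMK (assumption): in AWS this key never leaves KMS.
const LOCAL_MASTER_KEY = crypto.randomBytes(32);

// AES-256-GCM helper: returns iv (12 bytes) | auth tag (16 bytes) | ciphertext.
function seal(key, plaintext, aad) {
  const iv = crypto.randomBytes(12);
  const cipher = crypto.createCipheriv('aes-256-gcm', key, iv);
  if (aad) cipher.setAAD(aad);
  const body = Buffer.concat([cipher.update(plaintext), cipher.final()]);
  return Buffer.concat([iv, cipher.getAuthTag(), body]);
}

// Inverse of seal(); throws if the ciphertext, tag or AAD was modified.
function open(key, sealed, aad) {
  const decipher = crypto.createDecipheriv('aes-256-gcm', key, sealed.subarray(0, 12));
  decipher.setAuthTag(sealed.subarray(12, 28));
  if (aad) decipher.setAAD(aad);
  return Buffer.concat([decipher.update(sealed.subarray(28)), decipher.final()]);
}

// Hypothetical local equivalent of KMS GenerateDataKey: plaintext key plus wrapped copy.
function generateDataKey() {
  const plaintextKey = crypto.randomBytes(32);
  return { plaintextKey, wrappedKey: seal(LOCAL_MASTER_KEY, plaintextKey) };
}

// Encrypt file bytes for upload. The object key is bound as AAD so a ciphertext
// cannot be silently moved to another object name. The result is shaped like
// putObject parameters (Key, Body, Metadata); Bucket is left to the caller.
function encryptForUpload(objectKey, fileBytes) {
  const { plaintextKey, wrappedKey } = generateDataKey();
  const body = seal(plaintextKey, fileBytes, Buffer.from(objectKey));
  plaintextKey.fill(0); // drop the plaintext data key as soon as it is used
  return { Key: objectKey, Body: body, Metadata: { 'x-wrapped-key': wrappedKey.toString('base64') } };
}

// Unwrap the data key, then decrypt the downloaded body with the same cipher settings.
function decryptAfterDownload(obj) {
  const wrapped = Buffer.from(obj.Metadata['x-wrapped-key'], 'base64');
  const dataKey = open(LOCAL_MASTER_KEY, wrapped); // KMS Decrypt in a real deployment
  try {
    return open(dataKey, obj.Body, Buffer.from(obj.Key));
  } finally {
    dataKey.fill(0);
  }
}
```

Each upload gets its own data key, so only the small wrapped key ever needs the master key, and a modified or relocated object fails decryption instead of returning altered plaintext.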
Conclusion: We have learned to create S3 buckets and folders using the S3 console, and to create a KMS key, or our own CMK keys. We have also seen how to encrypt file data and upload it to the S3 bucket. Below are some useful references and documentation.
References:
https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#master_keys
https://docs.aws.amazon.com/kms/latest/developerguide/key-policy-modifying.html#key-policy-modifying-external-accounts
Source: https://javascript.plainenglish.io/uploading-encrypted-files-in-aws-s3-bucket-with-nodejs-app-c28b7fef1779