[Cyberduck-trac] [Cyberduck] #11583: S3 default SSE-KMS encryption is not used, upload fails.
Cyberduck
trac at cyberduck.io
Tue Feb 9 18:19:59 UTC 2021
#11583: S3 default SSE-KMS encryption is not used, upload fails.
----------------------------+------------------------
Reporter: jwilson8767 | Owner:
Type: defect | Status: new
Priority: normal | Milestone:
Component: s3 | Version: 7.8.2
Severity: normal | Keywords:
Architecture: Intel | Platform: Windows 10
----------------------------+------------------------
I have encountered an issue where the new(ish) S3 default encryption
(relevant doc: https://docs.aws.amazon.com/AmazonS3/latest/userguide
/bucket-encryption.html) which I have configured to use a specific SSE-KMS
key is not being applied when `Cyberduck> preferences > S3 > Encryption`
is set to "None". Uploads fail with the error message:
```
Upload <file> failed.
Access denied. Please contact your web hosting provider for assistance.
PUT /test HTTP/1.1
...
HTTP/1.1 403 Forbidden
```
Replication:
1. Create a bucket and apply an SSE-KMS default encryption
2. Using Cyberduck/Mountainduck attempt to upload a file
3. Upload fails
Could the PUT be being sent with some version of "x-amz-server-side-
encryption=null" when it should simply be omitted?
I did find a workaround, which is to manually choose the correct SSE-KMS
key in preferences, but this negates one of the primary benefits of having
a bucket default so that all team members have the exact same config.
--
Ticket URL: <https://trac.cyberduck.io/ticket/11583>
Cyberduck <https://cyberduck.io>
Libre FTP, SFTP, WebDAV, S3 & OpenStack Swift browser for Mac and Windows
More information about the Cyberduck-trac
mailing list