Encryption
With S3, you can protect your data using encryption. You’ll explore server-side encryption using the AES-256 algorithm where AWS manages both the encryption and the keys.
00:00 When you upload files to S3, you don’t need to leave them in plaintext for anyone to look at if they get access to the server. In this video, you’ll learn how to add server-side encryption to files.
00:12 The best part is that AWS manages the encryption and the keys, so it’s relatively straightforward to start using right away. First, let’s create a third file, and we’ll save the third_file_name using the create_temp_file(). And this one, just say 300 bytes, call it 'thirdfile.txt', and fill this one up with 't'.
00:42 And like before, I’m going to grab that third_file_name,
00:49 and save it with the rest. Okay. Now you need to upload that file, and this will be pretty straightforward, like last time. Make a new Object instance and this’ll be equal to the s3_resource.Object(), and this will go into that first bucket as well, but this time pass in the third_file_name.
01:18 Okay. And like before, you now have this third_object instance, but it hasn’t been uploaded. So you need to call .upload_file(), pass in the third_file_name, and like the ACL examples, you’re going to pass in some extra arguments.
01:43 And this time you’re going to pass in 'ServerSideEncryption',
01:51 and in this case, let’s use 'AES256'.
01:59 Close everything off. And no errors! All right! So now that that’s been uploaded, that resource object actually saves that information as a property. So you could say third_object and then take a look at this .server_side_encryption property, and it’ll return to you that 'AES256'.
02:27 So obviously, encryption is only going to be as strong as the keys themselves, so keep that in mind when you’re allowing AWS to manage those keys for you.
02:37 That being said, since boto3 allows you to add a layer of encryption with just a single extra argument, it’s probably not a bad idea to add to your object creation workflow.
02:47 In the next video, we’re going to take a deep dive into the types of storage options available when using S3. Thanks for watching.