
D10176.id24480.diff

diff --git a/src/applications/files/engine/PhabricatorS3FileStorageEngine.php b/src/applications/files/engine/PhabricatorS3FileStorageEngine.php
--- a/src/applications/files/engine/PhabricatorS3FileStorageEngine.php
+++ b/src/applications/files/engine/PhabricatorS3FileStorageEngine.php
@@ -44,7 +44,8 @@
$data,
$this->getBucketName(),
$name,
- $acl = 'private');
+ $acl = 'private',
+ $serverSideEncryption = $this->getServerSideEncryption());
return $name;
}
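Review bot: The new fifth argument is passed on every upload, including when the option is unset, in which case `getServerSideEncryption()` returns `''`. Nothing in this diff shows how the S3 client treats an empty value or that its put call accepts a fifth parameter. Please confirm the client omits the `x-amz-server-side-encryption` header entirely for an empty value, or skip the argument here when the setting is empty, so installs that have not opted in keep sending exactly the request they send today.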
@@ -97,6 +98,16 @@
}
/**
+ * Retrieve the desired encryption method for objects stored on S3.
+ *
+ * @task internal
+ */
+ private function getServerSideEncryption() {
+ return PhabricatorEnv::getEnvConfigIfExists(
+ 'storage.s3.serverSideEncryption', '');
+ }
+
+ /**
* Create a new S3 API object.
*
* @task internal
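Review bot: `getServerSideEncryption()` returns whatever string is configured with no validation, and that string ends up in a request header. A typo in the setting would only surface as a failed upload at write time, so check the value against the values S3 accepts (the docs hunk names `AES256`) and fail with a clear configuration error otherwise. Reading the key with `getEnvConfigIfExists(...)` also suggests the option is not declared anywhere, since this diff adds no option definition. Declaring it would give it a description and a default in the config UI.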
diff --git a/src/docs/user/configuration/configuring_file_storage.diviner b/src/docs/user/configuration/configuring_file_storage.diviner
--- a/src/docs/user/configuration/configuring_file_storage.diviner
+++ b/src/docs/user/configuration/configuring_file_storage.diviner
@@ -70,6 +70,11 @@
- ##amazon-s3.secret-key## Your AWS secret key.
- ##storage.s3.bucket## S3 bucket name where files should be stored.
+To enable using S3's server side encryption, set the following key:
+
+ - ##storage.s3.serverSideEncryption## The value to send in the
+ x-amz-server-side-encryption header (e.g. AES256)
+
== Custom Engine ==
For details about writing a custom storage engine, see @{article:File Storage
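Review bot: The key name `storage.s3.serverSideEncryption` is camelCase, while the neighbouring keys in this list (`storage.s3.bucket`, `amazon-s3.secret-key`) are lowercase with hyphens. Something like `storage.s3.server-side-encryption` would match. The added text should also say that leaving the key unset sends no encryption header, and that the setting only affects objects written after it is enabled, since the header is sent per upload and existing objects in the bucket are not re-encrypted. Minor: "server side" should be "server-side", and the list item is missing its closing period.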

File Metadata

Mime Type
text/plain
Expires
Thu, Apr 3, 8:18 PM (3 d, 10 h ago)
Storage Engine
blob
Storage Format
Encrypted (AES-256-CBC)
Storage Handle
7707569
Default Alt Text
D10176.id24480.diff (1 KB)
