我正在尝试将加密数据上传到S3。此代码成功加密数据,但它将原始未加密文件上载到S3。如何告诉它上传加密数据?
注意 - 评论的解密线用于测试数据是否已加密并正确解密
session = botocore.session.get_session()
client = session.create_client('kms',
region_name = 'us-east-1',
aws_access_key_id = '[YOUR ACCESS KEY]',
aws_secret_access_key = '[YOUR SECRET ACCESSKEY]')
key_id = '[KEY ID]'
plaintext='[FILEPATH\FILENAME.CSV]'
ciphertext = client.encrypt(KeyId=key_id, Plaintext=plaintext)
#decrypt_ciphertext = client.decrypt(CiphertextBlob =
ciphertext['CiphertextBlob'])
print('Ciphertext: ', ciphertext)
#print('Decrypted Ciphertext: ', decrypt_ciphertext)
s3 = boto3.client('s3',
aws_access_key_id='[YOUR ACCESS KEY]',
aws_secret_access_key='[YOUR SECRET ACCESS KEY]')
filename = '[FILEPATH\FILENAME.CSV]'
bucket_name = '[BUCKET NAME]'
# Uploads the given file using a managed uploader, which will split up large
# files automatically and upload parts in parallel.
s3.upload_file(filename, bucket_name, filename)
答案 0 :(得分:1)
KMS encrypt() command 不对文件有效。相反,它接受Plaintext中的传入文本,并在CiphertextBlob中输出加密文本。
您的代码负责读取源文件并将内容传递给encrypt(),然后负责将内容写入磁盘。
另见: