06-15-2017 02:59 PM
I'm trying to get Nuxeo to store its binaries in S3 with Server-Side encryption.
I can't use AES-256 encryption. AWS KMS encryption is required. Does Nuxeo provide support for using KMS keys? I'm not finding any information about this at https://doc.nuxeo.com/nxdoc/amazon-s3-online-storage/. If anything, it sounds like Nuxeo only supports AES-256.
The bucket policy I have to accommodate is the following:
{
  "Version": "2012-10-17",
  "Id": "ServerSideEncryptionPolicy",
  "Statement": [
    {
      "Sid": "DenyPutWithoutKmsKey",
      "Effect": "Deny",
      "Principal": {
        "AWS": "*"
      },
      "Action": "s3:PutObject",
      "Resource": "<REMOVED>",
      "Condition": {
        "StringNotEquals": {
          "s3:x-amz-server-side-encryption": "aws:kms",
          "s3:x-amz-server-side-encryption-aws-kms-key-id": "<REMOVED>"
        }
      }
    }
  ]
}
08-18-2017 10:47 AM
At the moment we only support AES-256 for server-side encryption (this is hardcoded in the code). I've created NXP-22949 to track this feature request. It's not currently been scheduled.
08-18-2017 10:48 AM
We'd welcome a pull request on our code if you want to speed this up though.
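Added example, not part of the original posts or Nuxeo's code: a small Python model of how S3 evaluates the Deny statement from the question, showing why the AES-256 uploads described in the reply are rejected and which request headers pass. The key ARNs and sample requests are constructed placeholders, and the one-statement-per-key variant (`SPLIT`) is an assumption added for comparison.

```python
# Added example: models how S3 evaluates the thread's Deny statement.
SSE = "s3:x-amz-server-side-encryption"
SSE_KEY = "s3:x-amz-server-side-encryption-aws-kms-key-id"
REQUIRED_KEY = "arn:aws:kms:us-east-1:111122223333:key/EXAMPLE-KEY-ID"  # constructed placeholder
OTHER_KEY = "arn:aws:kms:us-east-1:111122223333:key/OTHER-KEY-ID"       # constructed placeholder

# Condition block as posted: two keys under one StringNotEquals operator.
POSTED = [{"StringNotEquals": {SSE: "aws:kms", SSE_KEY: REQUIRED_KEY}}]
# Variant (assumption, not from the thread): one Deny statement per key.
SPLIT = [{"StringNotEquals": {SSE: "aws:kms"}},
         {"StringNotEquals": {SSE_KEY: REQUIRED_KEY}}]


def request_context(headers):
    """Map the PUT's SSE headers to their s3: condition keys (names lower-cased)."""
    return {"s3:" + name.lower(): value for name, value in headers.items()
            if name.lower().startswith("x-amz-server-side-encryption")}


def condition_matches(condition, context):
    """Keys under one operator are ANDed; StringNotEquals is true for an absent key."""
    return all(context.get(key) != expected
               for key, expected in condition["StringNotEquals"].items())


def put_denied(statements, headers):
    """An explicit Deny applies if any statement's condition matches the request."""
    context = request_context(headers)
    return any(condition_matches(cond, context) for cond in statements)


# Constructed sample requests.
AES256_PUT = {"x-amz-server-side-encryption": "AES256"}
KMS_PUT = {"x-amz-server-side-encryption": "aws:kms",
           "x-amz-server-side-encryption-aws-kms-key-id": REQUIRED_KEY}
OTHER_KEY_PUT = {**KMS_PUT, "x-amz-server-side-encryption-aws-kms-key-id": OTHER_KEY}

if __name__ == "__main__":
    for name, put in [("AES256", AES256_PUT), ("KMS", KMS_PUT), ("other key", OTHER_KEY_PUT)]:
        print(name, "posted:", put_denied(POSTED, put), "split:", put_denied(SPLIT, put))
```

Because the posted statement puts both keys under one operator, it denies a PUT only when both values mismatch; the split variant denies when either one does.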