Home > @hapoosjs/aws-buckets > AWSBuckets > setEncryption

AWSBuckets.setEncryption() method

Turn default server side encryption of bucket files on or off.

Signature:

setEncryption(bucketName: string, flag: boolean, options?: SetEncryptionOptions): Promise<void>;

Parameters

Parameter Type Description
bucketName string Bucket name
flag boolean true if you want to encrypt files in this bucket by default
options SetEncryptionOptions (Optional) Options that allow specification of KMS key, encryption algo, etc.

Returns:

Promise<void>

Remarks

There are two options for encrypting bucket objects on the server side. Clients can either use a S3-managed key or a KMS key. For the first option, call this method without the options argument. or call it with options.algorithm set to “AES256”.

Alternatively you can specify a KMS-managed key for encryption. You can do so by setting options.algorithm to “aws:kms” and optionally specifying your own key ID/ARN via options.keyId. If no key is specified, AWS will auto-generate a KMS key.

In case of KMS-managed key, this method sets the BucketKeyEnabled passed on to AWS to true. You can override this by specifying options.disableBucketKey to true.