Home > @hapoosjs/aws-buckets > AWSBuckets > setEncryption
Turn default server side encryption of bucket files on or off.
Signature:
setEncryption(bucketName: string, flag: boolean, options?: SetEncryptionOptions): Promise<void>;
Parameter | Type | Description |
---|---|---|
bucketName | string | Bucket name |
flag | boolean | true if you want to encrypt files in this bucket by default |
options | SetEncryptionOptions | (Optional) Options that allow specification of KMS key, encryption algo, etc. |
Returns:
Promise<void>
There are two options for encrypting bucket objects on the server side. Clients can either use a S3-managed key or a KMS key. For the first option, call this method without the options
argument. or call it with options.algorithm
set to “AES256”.
Alternatively you can specify a KMS-managed key for encryption. You can do so by setting options.algorithm
to “aws:kms” and optionally specifying your own key ID/ARN via options.keyId
. If no key is specified, AWS will auto-generate a KMS key.
In case of KMS-managed key, this method sets the BucketKeyEnabled
passed on to AWS to true
. You can override this by specifying options.disableBucketKey
to true
.