module Shrine::Storage::S3::ClientSideEncryption

Adds support for Aws::S3::Encryption::Client.

Attributes

encryption_client[R]

Public Class Methods

new(client: nil, **options) click to toggle source

Save the encryption client and continue initialization with normal client.

Calls superclass method
# File lib/shrine/storage/s3.rb, line 362
def initialize(client: nil, **options)
  return super unless client.class.name.start_with?("Aws::S3::Encryption")

  super(client: client.client, **options)
  @encryption_client = client
end

Private Instance Methods

get(id, **options) click to toggle source
Calls superclass method
# File lib/shrine/storage/s3.rb, line 379
def get(id, **options)
  return super unless encryption_client

  # Encryption client v2 warns against streaming download, so we first
  # download all content into a file.
  tempfile = Tempfile.new("shrine-s3", binmode: true)
  response = encryption_client.get_object(response_target: tempfile, bucket: bucket.name, key: object_key(id), **options)
  tempfile.rewind

  chunks = Enumerator.new do |yielder|
    begin
      yielder << tempfile.read(16*1024) until tempfile.eof?
    ensure
      tempfile.close!
    end
  end

  [chunks, tempfile.size]
end
put(io, id, **options) click to toggle source

Encryption client doesn’t support multipart uploads, so we always use put_object.

Calls superclass method
# File lib/shrine/storage/s3.rb, line 373
def put(io, id, **options)
  return super unless encryption_client

  encryption_client.put_object(body: io, bucket: bucket.name, key: object_key(id), **options)
end