Is there some sort of encryption build into com.cognitect.aws/s3 like in Amazon’s AWS-SDK for Java? I need to encrypt data at rest. I can use a javax.crypto.CipherInputStream to encrypt data before passing it to the aws-client, though. But something well tested is preferable!

@defa I use "SSE KMS" to encrypt at REST -- https://docs.aws.amazon.com/AmazonS3/latest/dev/UsingEncryption.html

there's a few different ways to do this

@ghadi and you use Cognitect’s AWS client? Because I can’t find any related documentation to do that.

I am a maintainer for that client

You need to figure out what you want to do though -- you can do encryption at rest with S3 without needing to encrypt on the client side (e.g. CipherInputStream, etc.)

SSE Customer KMS SSE AWS KMS Client-Side Encryption

^ the three main choices

client-side encryption would be my choice

if you do client side encryption, use something like Google Tink or libsodium to encrypt

lots of ways to shoot yourself in the foot with java crypto

I’m using caesium right now which is a wrapper around libsodium.

https://github.com/lvh/caesium

Is there an example für SSE with customer KMS?

caesium is great

(I still prefer using KMS)