{"id":21870286,"url":"https://github.com/bmuller/ex_aws_s3_crypto","last_synced_at":"2025-07-06T20:32:21.317Z","repository":{"id":53346474,"uuid":"185455328","full_name":"bmuller/ex_aws_s3_crypto","owner":"bmuller","description":"AWS S3 client-side encryption support for Elixir","archived":false,"fork":false,"pushed_at":"2025-06-28T01:11:27.000Z","size":73,"stargazers_count":3,"open_issues_count":0,"forks_count":1,"subscribers_count":2,"default_branch":"master","last_synced_at":"2025-06-28T02:18:16.755Z","etag":null,"topics":["aws","crypto","elixir"],"latest_commit_sha":null,"homepage":"https://hex.pm/packages/ex_aws_s3_crypto","language":"Elixir","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/bmuller.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null}},"created_at":"2019-05-07T18:14:37.000Z","updated_at":"2025-06-28T01:10:39.000Z","dependencies_parsed_at":"2024-07-24T02:53:00.138Z","dependency_job_id":null,"html_url":"https://github.com/bmuller/ex_aws_s3_crypto","commit_stats":{"total_commits":21,"total_committers":1,"mean_commits":21.0,"dds":0.0,"last_synced_commit":"7bcf3334963403cff00ab56d69a5f75076f121c7"},"previous_names":[],"tags_count":9,"template":false,"template_full_name":null,"purl":"pkg:github/bmuller/ex_aws_s3_crypto","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/bmuller%2Fex_aws_s3_crypto","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/bmuller%2Fex_aws_s3_crypto/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/bmuller%2Fex_aws_s3_crypto/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/bmuller%2Fex_aws_s3_crypto/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/bmuller","download_url":"https://codeload.github.com/bmuller/ex_aws_s3_crypto/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/bmuller%2Fex_aws_s3_crypto/sbom","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":262362404,"owners_count":23299167,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["aws","crypto","elixir"],"created_at":"2024-11-28T06:10:56.425Z","updated_at":"2025-07-06T20:32:21.311Z","avatar_url":"https://github.com/bmuller.png","language":"Elixir","funding_links":[],"categories":[],"sub_categories":[],"readme":"# ExAws.S3.Crypto\n[![Build Status](https://github.com/bmuller/ex_aws_s3_crypto/actions/workflows/ci.yml/badge.svg)](https://github.com/bmuller/ex_aws_s3_crypto/actions/workflows/ci.yml)\n[![Hex pm](http://img.shields.io/hexpm/v/ex_aws_s3_crypto.svg?style=flat)](https://hex.pm/packages/ex_aws_s3_crypto)\n[![API Docs](https://img.shields.io/badge/api-docs-lightgreen.svg?style=flat)](https://hexdocs.pm/ex_aws_s3_crypto/)\n\n`ExAws.S3.Crypto` provides [client-side encryption](https://docs.aws.amazon.com/AmazonS3/latest/dev/UsingClientSideEncryption.html) support for\n[Amazon S3](https://aws.amazon.com/s3/).  It allows you to encrypt data before sending it to S3.  This particular implementation\ncurrently supports a [AWS KMS-managed customer master key](https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#master_keys)\nand assumes you have one already generated.\n\n`ExAws.S3.Crypto` makes heavy use of the existing [ex_aws_s3](https://hex.pm/packages/ex_aws_s3) library\nand Erlang's [crypto module](http://erlang.org/doc/man/crypto.html).  It has confirmed compatability with the [Golang AWS SDK client-encryption\nlibrary](https://github.com/aws/aws-sdk-go/tree/master/service/s3) and uses [AES](https://en.wikipedia.org/wiki/Advanced_Encryption_Standard)\n[GCM](https://en.wikipedia.org/wiki/Galois/Counter_Mode) with 256-bit keys by default.\n\n**Note:** As of version 2.0, OTP version 22 or greater is required due to changes in the `:crypto` library.\n\n## Installation\n\nTo install ExAws.S3.Crypto, just add an entry to your `mix.exs`:\n\n```elixir\ndef deps do\n  [\n    {:ex_aws_s3_crypto, \"~\u003e 3.2\"}\n  ]\nend\n```\n\n(Check [Hex](https://hex.pm/packages/ex_aws_s3_crypto) to make sure you're using an up-to-date version number.)\n\n## Usage\nFirst, make sure you have the id for your master key (should be of the form of a UUID, like `123e4567-e89b-12d3-a456-426655440000`) and the\nbucket you're using already set up.  You should be able to make requests using `ExAws` (see\n[the ExAws docs](https://hexdocs.pm/ex_aws/ExAws.html#module-aws-key-configuration) for configuration instructions).\n\nTo encrypt and upload an object, it's easy as pie.\n\n```elixir\nbucket = \"my-awesome-bucket\"\nkey_id = \"123e4567-e89b-12d3-a456-426655440000\"\ncontents = \"this is some special text that should be secret\"\n\n# Encrypt, then upload object\nrequest = ExAws.S3.put_object(bucket, \"secret.txt.enc\", contents)\n{:ok, encrypted_request} = ExAws.S3.Crypto.encrypt(request, key_id)\nExAws.request(encrypted_request)\n\n# Or, use this shorter version of above\nExAws.S3.Crypto.put_encrypted_object(bucket, \"secret.txt.enc\", contents, key_id)\n```\n\nDecrypting is easy too, and doesn't even require knowing the original key id.\n\n```elixir\n# get encrypted object, then decrypt\n{:ok, encrypted} = ExAws.S3.get_object(bucket, \"secret.txt.enc\") |\u003e ExAws.request\n{:ok, decrypted} = ExAws.S3.Crypto.decrypt(encrypted)\nIO.puts decrypted.body\n\n# Or, use this shorter version of above\n{:ok, decrypted} = ExAws.S3.Crypto.get_encrypted_object(bucket, \"secret.txt.enc\")\nIO.puts decrypted.body\n```\n\nSee [the docs](https://hexdocs.pm/ex_aws_s3_crypto) for more examples.\n\n## Running Tests\n\nTo run tests:\n\n```shell\n$ mix test\n```\n\n## Reporting Issues\n\nPlease report all issues [on github](https://github.com/bmuller/ex_aws_s3_crypto/issues).\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fbmuller%2Fex_aws_s3_crypto","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fbmuller%2Fex_aws_s3_crypto","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fbmuller%2Fex_aws_s3_crypto/lists"}