SSE-C encryption doesn't work with a multipart upload

Question

SSE-C encryption doesn't work with a multipart upload

mcproger opened this issue 2 years ago · 3 comments

Async AWS SDK for Python version: 9.3.1
Python version: 3.10.5
Operating System: Docker image (Debian GNU/Linux 11 (bullseye))

Description

Hello!

SSE-C encryption (Server Side Encryption with Customer provided key) doesn't work well with a multipart upload. It fails with an error botocore.exceptions.ClientError: An error occurred (InvalidRequest) when calling the UploadPart operation: The multipart upload initiate requested encryption. Subsequent part requests must include the appropriate encryption parameters.

The same code snippet works well in the sync version boto3.

What I Did

async with session.client(
    's3',
    aws_access_key_id=access_key_id,
    aws_secret_access_key=secret_access_key,
    region_name=region,
) as session:
    await destination_s3.upload_fileobj(
        raw_stream,
        Bucket=bucket,
        Key=key,
        ExtraArgs={
            'ACL': 'bucket-owner-full-control',
            'SSECustomerAlgorithm': 'AES256',
            'SSECustomerKey': KEY
        },
    )

Answer 1 · 2022-08-10T19:35:16.000Z

Ah yeah, I have an idea why that might not work. Will look into it on the weekend if I get a chance.

Answer 2 · 2022-08-11T17:58:12.000Z

Can you try version 10.0.1a0 and see if that fixes it for you?

Answer 3 · 2024-05-27T16:08:48.000Z

This should be fixed as part of v13.0.0, if not, please re-open