Lesson Nineteen

  • Video 19 File Encryption Using The 3rd Party Tools

  • In the previous video we detailed how to encrypt your S3 bucket files (objects) by using your AWS console. In this video you will learn how to encrypt & decrypt your S3 bucket files using the 3rd party tools – Cloudberry S3 Explorer, Cyberduck & Bucket Explorer.

  • Running time is 5:34

In the previous video, we detailed how to encrypt your S3 bucket files or objects by using the AWS console. In this video, you’re going to learn how to encrypt your S3 bucket files or objects using the third party tools Cloudberry S3 Explorer, Cyberduck and Bucket Explorer.

Now we’re going to start with Cyberduck. I’ve already logged in so I want to just double click on this bucket here and you can select either single or double files, just like we did in the AWS video and then select the get info icon on the toolbar or from up here in the file menu and selecting info from the dropdown or by right clicking on the object and then selecting info.

And then come on over to S3 and after it’s done doing its thing, you want to check the box here next to server-side encryption and yes the checkmark is no longer there but if we come on back here, if we get out of here and then refresh and then come on back into that item and then check out the metadata, you can see that the server-side encryption has taken place after all. If you want to decrypt or un-encrypt this, then you can just select it from within metadata and then come on down here to the lower left corner and hit the dropdown arrow and it’s just off the screen but the last item on this dropdown box is remove and you’re good. And that’s Cyberduck.

Let’s head on over to Bucket Explorer and log in, then I’m going to uses quick connect then go to Jane’s account again and select that same bucket and if you remember from the prior videos, we have the bucket tools up here and we’ve got the individual object tools right here, so if you wanted to individually encrypt a file, then select that file down here or if you wanted to select multiple files, then you just hold the control key down on your keyboard and select additional files. In either case, single or multiple, come on up here to batch operations and then come on down and hover over server-side encryption and click on encrypt to encrypt or decrypt to decrypt, but you can do all of these within that one bucket by using the bucket tool up here.

Select that bucket, come on up to batch operations, server-side encryptions and click on encrypt. It’s going to take care of everything in that bucket in one full sweep and there we are, all 6 items are taken care off. That’s five files, I believe it was, in one folder. Let’s get on out of here. Now we want to decrypt these so that I can demonstrate the same thing in Cloudberry S3 Explorer. So again with that bucket selected or if we wanted to select all the objects and do it the harder way, again you’re still working with the batch operations, server-side encryption, click on decrypt and then the queue window’s going to popup or the transfer queue window. As you can see it’s updating the metadata. In other words you can do the same thing, encrypt or decrypt by way of the metadata as well.

Okay so we’re good to go on to our last and my most favorite third party tool in working with the S3 objects and that is Cloudberry S3 Explorer. Now you can do the same thing here as we’ve done in the other 2 tools. Select the bucket, select individual or multiple files and you can right click on them. Come on down to server-side encryption and encrypt or decrypt and you can do the same thing with multiple files.

Right click, server-side encryption, encrypt or decrypt and the http headers is the metadata here but you can take this one step further and create what’s called upload rules that’s similar to the bucket policy of the AWS console where with the bucket policy we created in the prior video where we made sure that no object could be uploaded unless it was encrypted, well with this it’s even better because with this we’re not restricting anything. We’re actually automatically encrypting the files are we’re uploading them. If we come on up here to tools and then come on down to upload rules then select the account you want to create this rule for.

We’re going to go with Joe’s demo. Click on add. Up here in the top dropdown hit that, click on encrypt, check the box next to server-side encryption right below that. Come on down here and click on okay and then we’re good and if at any point in the future you wanted to remove this upload rule or any other rule you would create for this particular account, you would either just uncheck the box next to it or select it and then click on remove.

I’m going to leave that intact right now because I want to demonstrate that for you. By the way you can do the same thing by right clicking on any item in here then come on down here to upload rules – new upload rule or show all the existing rules. But if we were to…let me see if I’ve got one over here. Yeah let’s go ahead and delete this one so that I can show you the upload rule in play. Let’s go ahead and move Jane’s credentials on over here. Copy, yes, it will show you that it’s automatically encrypted because of that upload rule. So right click, http headers, AES-256 encryption right there.

And that’s going to bring us to the end of this video on encrypting your S3 bucket files using Cloudberry S3 Explorer, Cyberduck and Bucket Explorer. Thanks for watching and you have a great day.