For protection of customer data, encryption in transit and at rest is required. Some data stored in S3, requires the use of customer managed, customer provided keys. This provides an extra level of security through separation of duties, as one team/role can manage the keys, while another team/role can use the provided keys for encryption of the data.
Currently, AEM S3 connection supports only two of the valid encryption options for S3 server-side encryption. SSE-C encryption is needed to allow for that separation of duties.
Current/Experienced Behavior:
AEM S3 connector currently supports SSE-S3 and SSE-KMS, but not SSE-C (customer managed, customer provided keys)
Improved/Expected Behavior:
AEM S3 connector would support all 3 encryption options
Environment Details (AEM version/service pack, any other specifics if applicable):
This has been reported to the engineering under the internal reference CQ-4351177. The product team will triage this request to verify feasibility based on the prioritization model. This post will be updated according to the Jira request status.
