That one should be quite easy to implement: Support setting for AWS-KMS. Boto support’s it and all is need is to add KMS key id support to S# settings in seafile.conf.
Right now it is not possible to use S3 bucket encryption (beside seafile enryption), so that would be nice to implement 
1 Like
@daniel.pan we are interested as well in Server Side Object Storage encrpytion.
Our plattform provider (not AWS) Supports SSE-C over the nativ AWS S3 API.
Is there any Posibility to add the required settings to the seafile config.
Different S3 Encryption Types: Amazon S3 Server-Side Encryption Types - CMKs Stored in AWS KMS (SSE-KMS), Amazon S3-managed encryption keys (SSE-S3), customer-provided encryption keys (SSE-C)
Reference SSE-C: Using server-side encryption with customer-provided keys (SSE-C) - Amazon Simple Storage Service
Reference SSE-KMS: Using server-side encryption with AWS KMS keys (SSE-KMS) - Amazon Simple Storage Service
Thank you very much for check this feature.
Seafile supports KMS encryption out of the box. You just need to configure per AWS documentation: Using server-side encryption with AWS KMS keys (SSE-KMS) - Amazon Simple Storage Service . However, the current version of Seafile uses deprecated boto library, which has a bug (https://github.com/boto/boto/issues/3750) supporting KMS. In version 11 we’ll upgrade to boto3, which supports KMS out of the box. If you want to use KMS now, you can apply a patch to boto: check for kms, skip etag check by williamkinney · Pull Request #12 · DataDog/boto · GitHub
I had a look at SSE-C. You have to provide the encryption keys for each object. Is using the same key for all objects sufficient for your case? Using different keys for different objects requires a more advanced key management system, which is out of the scope of Seafile itself.
@Jonathan thank you very much for your reply and the clarification about SSE-KMS.
As our Cloud Provider (Exoscale) Only Support SSE-C the same key for all objects is sufficent.
Link: Simple Object Storage encryption (exoscale.com)
Looking forward to see the implementation of SSE-C in Seafile.