Server side encryption

Yarkon supports all versions of SSE (Server Side Encryption). The full set up is described hereby.

AWS console

On the S3 side, Yarkon expect SSE to be set up following the common AWS guidelines, as illustrated below:

Bucket SSE set to the chosen encryption (Yarkon supports SSE-S3, SSE-KMS and SSE-C).

Bucket Server Side Encryption Set Up

(Optional, but highly recommended) Bucket policy may be set to disallow non encrypted uploads.

Bucket Server Side Encryption Policy

The IAM policy for the Yarkon server role (or the IAM user that is used to grant permissions to the Yarkon user when using the Cloud product) should include the following KMS related permissions:

Yarkon Server IAM Policy

Yarkon admin console

From the Yarkon Admin Console, turn on the SSE feature using the Buckets page. Once the feature is on, the bucket list displayed by Yarkon Admin Console would show the current SSE status of each bucket.

Server Side Encryption Set Up

Yarkon client application

The Yarkon client application would recognize it as well.

Server Side Encryption in Client
Server Side Encryption in Upload