s3sfe (S3 Sync Filelist Encrypted) Sync a list of files to S3, using server-side encryption with customer-provided keys.
Project description
s3sfe
s3sfe (S3 Sync Filelist Encrypted) Sync a list of files to S3, using server-side encryption with customer-provided keys.
Introduction
This is a quick script I wrote for my own purposes. It’s not terribly well tested, and it serves a small niche use case. If you’re looking to securely sync your backups to S3 or another offsite storage, I’d highly encourage you to look into the other options.
My use case is relatively simple:
I want to sync just some files from my backups to S3; a specific whitelist of files and directories.
I don’t want to keep history, I just want the latest versions somewhere offsite.
I want to use S3 Server-Side Encryption with Customer-Provided Encryption Keys (SSE-C); I’m fine keeping the key on my computer, because if someone can get it, they can get the original files too. I’m not worried about Amazon snooping on my data. I’m not concerned with anyone being able to access the filenames or metadata. All I’m really concerned about is that if a malicious party gets access to my AWS account, they don’t also implicitly get the file contents.
This tool takes a list of files or directories on the local filesystem and syncs them to S3, using server-side encryption. It uses the files’ md5sums to only upload files that differ from what’s already in S3.
Requirements
Python 2.7 or 3.3+ (currently tested with 2.7, 3.3+ and developed with 3.6)
Python VirtualEnv and pip (recommended installation method; your OS/distribution should have packages for these)
Installation
It’s recommended that you install into a virtual environment (virtualenv / venv). See the virtualenv usage documentation for information on how to create a venv.
pip install s3sfeConfiguration
s3sfe takes all of its configuration via command-line options. It does, however, expect a few elements of configuration to be present on the system:
Your AWS Credentials must be available to the program in one of the methods supported by boto3, typically either environment variables or one of the supported credentials files (~/.aws/credentials or ~/.aws/config) or boto configuration files (~/.boto or /etc/boto.cfg).
Your encryption key for S3 Server-Side Encryption with Customer-Provided Encryption Keys (SSE-C) must be stored in a file readable by this program. This must be a 256-bit AES256 key, stored in binary format.
Usage
To backup: s3sfe --help
To restore: s3sfe-restore --help
Bugs and Feature Requests
Bug reports and feature requests are happily accepted via the GitHub Issue Tracker. Pull requests are welcome. Issues that don’t have an accompanying pull request will be worked on as my time and priority allows.
Development
To install for development:
Fork the s3sfe repository on GitHub
Create a new branch off of master in your fork.
$ virtualenv s3sfe
$ cd s3sfe && source bin/activate
$ pip install -e git+git@github.com:YOURNAME/s3sfe.git@BRANCHNAME#egg=s3sfe
$ cd src/s3sfeThe git clone you’re now in will probably be checked out to a specific commit, so you may want to git checkout BRANCHNAME.
Guidelines
pep8 compliant with some exceptions (see pytest.ini)
100% test coverage with pytest (with valid tests)
Testing
Testing is done via pytest, driven by tox.
testing is as simple as:
pip install tox
tox
If you want to pass additional arguments to pytest, add them to the tox command line after “–”. i.e., for verbose pytext output on py27 tests: tox -e py27 -- -v
Release Checklist
Open an issue for the release; cut a branch off master for that issue.
Confirm that there are CHANGES.rst entries for all major changes.
Ensure that Travis tests passing in all environments.
Ensure that test coverage is no less than the last release (ideally, 100%).
Increment the version number in s3sfe/version.py and add version and release date to CHANGES.rst, then push to GitHub.
Confirm that README.rst renders correctly on GitHub.
Upload package to testpypi:
Make sure your ~/.pypirc file is correct (a repo called test for https://testpypi.python.org/pypi)
rm -Rf dist
python setup.py register -r https://testpypi.python.org/pypi
python setup.py sdist bdist_wheel
twine upload -r test dist/*
Check that the README renders at https://testpypi.python.org/pypi/s3sfe
Create a pull request for the release to be merged into master. Upon successful Travis build, merge it.
Tag the release in Git, push tag to GitHub:
tag the release. for now the message is quite simple: git tag -s -a X.Y.Z -m 'X.Y.Z released YYYY-MM-DD'
push the tag to GitHub: git push origin X.Y.Z
Upload package to live pypi:
twine upload dist/*
make sure any GH issues fixed in the release were closed.
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
File details
Details for the file s3sfe-0.1.1.tar.gz.
File metadata
- Download URL: s3sfe-0.1.1.tar.gz
- Upload date:
- Size: 36.9 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 | edda6f635e931f149099003d2fe075092991cf48b240b399d7c0f8129eb094f0 |
|
| MD5 | 474c01da4f24fd147cbb17fb3b96f586 |
|
| BLAKE2b-256 | b6399ccfe563194c29f33b5715d9224de3803d034d580a1282f01dde1f1cbc96 |
File details
Details for the file s3sfe-0.1.1-py2.py3-none-any.whl.
File metadata
- Download URL: s3sfe-0.1.1-py2.py3-none-any.whl
- Upload date:
- Size: 44.0 kB
- Tags: Python 2, Python 3
- Uploaded using Trusted Publishing? No
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 | bb2840b2a60f2efb928654a84f68f22973be3ba6deb36fdd4acf8c8aca605220 |
|
| MD5 | 09c6e220f7b4ce604db1102944931c56 |
|
| BLAKE2b-256 | 734df08997ec80b6e424d58d8dd6f5cdd0db22f6cd03dcbaaf20e70c779eab5d |
