What is the correct way of passing S3 headers inside Django?

Question

I am using S3BotoStorage as my DEFAULT_FILE_STORAGE in my django app. So all the files that I upload to my app are uploaded to a S3 bucket. I wanted to encrypt my files using SSE-C so I following the documentation provided here by AWS. I added the following lines to my settings.py

# settings.py
AWS_S3_ENCRYPTION = True
key = ...
key_md5 = ...
AWS_HEADERS = {
    'x-amz-server-side-encryption-customer-algorithm': 'AES256',
    'x-amz-server-side-encryption-customer-key': key,
    'x-amz-server-side-encryption-customer-key-MD5': key_md5,
}

But as soon as I add these headers I start receiving the following error.

[Error 104] Connection Reset by Peer

The file uploads are working fine without the headers.

I don't why is this happening?

Please let me know if anymore details are needed.

Answer 1

Short answer: the wrapper you are using doesn't support custom encryption key, due to obsoleted boto2 implementation.

Long answer : Here is the source of S3BotoStorage. Now here come the puzzle of how boto2 saving file. Where did you find the header? So I see they suggest something like this

AWS_HEADERS = {
    'Expires': 'Thu, 15 Apr 2010 20:00:00 GMT',
    'Cache-Control': 'max-age=86400',
}

There is no example for encryption headers passing to boto. The header you given, is for REST API, not the S3BotoStorage wrapper. So you may only able to use this and forget about setting the AWS_HEADERS for the encryption algorithm, give custom encryption key.

And the confusing part is , in boto2, S3 object name are call key (in boto3, they improve it and call it key_name explicitly) . This has nothing to do with encryption key.