S3 Artifact Encryption

Hi all, looking for some advice on encryption support for S3 artefacts with BYO bucket.

Hey Joel. Rather late reply here, but…

By default, artifacts uploaded to your own S3 bucket aren’t encrypted in any way.

You can set BUILDKITE_S3_SSE_ENABLED=true in the agent environment to enable S3 Server Side Encryption (SSE-S3) using AES256 and Amazon-managed keys. However the agent does not currently support KMS customer-managed keys (SSE-KMS) nor S3 Client Side Encryption.

Alternatively, you can of course encrypt your file(s) before uploading them as artifacts.

1 Like