github.com/minio/minio-go/v6@v6.0.57/examples/s3/get-encrypted-object.go

github.com/minio/minio-go/v6@v6.0.57/examples/s3/get-encrypted-object.go (about)

     1  // +build ignore
     2  
     3  /*
     4   * MinIO Go Library for Amazon S3 Compatible Cloud Storage
     5   * Copyright 2015-2017 MinIO, Inc.
     6   *
     7   * Licensed under the Apache License, Version 2.0 (the "License");
     8   * you may not use this file except in compliance with the License.
     9   * You may obtain a copy of the License at
    10   *
    11   *     http://www.apache.org/licenses/LICENSE-2.0
    12   *
    13   * Unless required by applicable law or agreed to in writing, software
    14   * distributed under the License is distributed on an "AS IS" BASIS,
    15   * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
    16   * See the License for the specific language governing permissions and
    17   * limitations under the License.
    18   */
    19  
    20  package main
    21  
    22  import (
    23  	"io"
    24  	"log"
    25  	"os"
    26  
    27  	"github.com/minio/minio-go/v6"
    28  	"github.com/minio/minio-go/v6/pkg/encrypt"
    29  )
    30  
    31  func main() {
    32  	// Note: YOUR-ACCESSKEYID, YOUR-SECRETACCESSKEY, my-bucketname, my-objectname and
    33  	// my-testfile are dummy values, please replace them with original values.
    34  
    35  	// Requests are always secure (HTTPS) by default. Set secure=false to enable insecure (HTTP) access.
    36  	// This boolean value is the last argument for New().
    37  
    38  	// New returns an Amazon S3 compatible client object. API compatibility (v2 or v4) is automatically
    39  	// determined based on the Endpoint value.
    40  	s3Client, err := minio.New("s3.amazonaws.com", "YOUR-ACCESS-KEY-HERE", "YOUR-SECRET-KEY-HERE", true)
    41  	if err != nil {
    42  		log.Fatalln(err)
    43  	}
    44  
    45  	bucketname := "my-bucketname"              // Specify a bucket name - the bucket must already exist
    46  	objectName := "my-objectname"              // Specify a object name - the object must already exist
    47  	password := "correct horse battery staple" // Specify your password. DO NOT USE THIS ONE - USE YOUR OWN.
    48  
    49  	// New SSE-C where the cryptographic key is derived from a password and the objectname + bucketname as salt
    50  	encryption := encrypt.DefaultPBKDF([]byte(password), []byte(bucketname+objectName))
    51  
    52  	// Get the encrypted object
    53  	reader, err := s3Client.GetObject(bucketname, objectName, minio.GetObjectOptions{ServerSideEncryption: encryption})
    54  	if err != nil {
    55  		log.Fatalln(err)
    56  	}
    57  	defer reader.Close()
    58  
    59  	// Local file which holds plain data
    60  	localFile, err := os.Create("my-testfile")
    61  	if err != nil {
    62  		log.Fatalln(err)
    63  	}
    64  	defer localFile.Close()
    65  
    66  	if _, err := io.Copy(localFile, reader); err != nil {
    67  		log.Fatalln(err)
    68  	}
    69  }