Safe and secure file sharing with S3.
S3 is a simple tool for sharing information. Time and time again, we see organizations using S3 in insecure ways. This tool is built to make it very easy to share files securely.
Usually, the folks we’re talking to have files in a directory that they want to share.
What S3S2 makes easy is:
The goal is that a partner can run a simple command like this:
s3s2 share --config /your/config.json --directory the_directory
S3S2 simply combines open, existing tools in a secure way.
We produce packages for common platforms that you can just download from GitHub.
This section describes how to use the tool. Skip to Running to jump to the most useful stuff.
We generally recommend using aws-vault (https://github.com/99designs/aws-vault) for storing AWS credentials and setting environment variables.
S3S2 is designed to work seamlessly with aws-vault so that you can say something like:
aws-vault exec <role> s3s2 share --directory /directory
and it will pick up the correct AWS credentials.
Often, we want to share different data with the same partner.
In that case, many of the configuration variables are the same. Sometimes we want to share a pre-baked configuration with the partner so that everything “just works”.
To do that, run:
s3s2 config
and you will be prompted for each parameter, which will then be written to a configuration file. The default configuration file is a .s3s2.json file in your home directory.
You can specify a different configuration file to write by supplying a file parameter as follows:
s3s2 config --file /Users/mk/mys3s2config.json
The default .s3s2 file will be used unless you specify a config file when running, like this:
s3s2 --config /Users/mk/mys3s2config.json share
Here is a more complete example of what that looks like:
om:s3s2 mk$ ./s3s2 config --file ~/s3s2-demo.json
Using config file: /Users/mk/.s3s2.json
Please specify a bucket.
> demo-incoming
Please specify a region.
> us-east-1
Please specify an org.
> Jemurai
Please specify a working directory.
> ~/Desktop/s3s2/
Please specify a file prefix (nothing sensitive).
> jemurai_
Please specify a public key to use (file path or url).
> https://s3s2.jemurai.com/.well_known/s3s2-pub.asc
Your config was written to /Users/mk/s3s2-demo.json . You can invoke with s3s2 --config /Users/mk/s3s2-demo.json
Running s3s2 is as simple as invoking this from a terminal or command prompt:
s3s2 share --directory /directory/to/share
Or more realistically:
s3s2 share --debug true --bucket <your-bucket> --region <your-region> --directory test/s3s2/s3s2-up/ --org YourOrg --prefix <optional-prefix> --reciever-public-key test/s3s2/s3s2-keys/test.pubkey
The parameters supported include:
We do not recommend storing the awskey in local configuration, even though use of that key would be strictly governed by IAM rules.
Note that s3s2 will not run if neither pubkey nor awskey is provided.
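A pre-share audit for the two rules above, as an added example that is not part of S3S2 or its documentation: it checks a JSON config before it is used or handed to a partner. The key names `pubkey`, `awskey`, `bucket` and `region` are assumed to match the parameter names, and the plain-http check is an extra precaution rather than a documented S3S2 rule.

```python
import json

def audit_s3s2_config(text):
    """Return findings for an s3s2-style JSON config; an empty list means clean."""
    try:
        cfg = json.loads(text)
    except json.JSONDecodeError as exc:
        return [f"config is not valid JSON: {exc.msg}"]
    if not isinstance(cfg, dict):
        return ["config must be a JSON object"]

    # Assumed key names: taken from the parameter names "pubkey" and "awskey".
    pubkey = str(cfg.get("pubkey") or "").strip()
    awskey = str(cfg.get("awskey") or "").strip()

    findings = []
    if not pubkey and not awskey:
        findings.append("neither pubkey nor awskey is set: s3s2 will not run")
    if awskey:
        findings.append("awskey is stored in local configuration: not recommended")
    # Extra precaution (not a documented s3s2 rule): a key fetched over plain
    # http can be swapped in transit, so files would be encrypted to the wrong key.
    if pubkey.lower().startswith("http://"):
        findings.append("pubkey is fetched over plain http: use https or a local file")
    return findings

# Constructed sample configs (not taken from a real deployment).
SAMPLES = {
    "good": '{"bucket": "demo-incoming", "pubkey": "https://example.org/pub.asc"}',
    "stored-awskey": '{"bucket": "demo-incoming", "awskey": "PLACEHOLDER_KEY_ID"}',
    "no-key": '{"bucket": "demo-incoming", "region": "us-east-1"}',
    "http-key": '{"bucket": "demo-incoming", "pubkey": "http://example.org/pub.asc"}',
}

if __name__ == "__main__":
    for name, text in SAMPLES.items():
        print(name, audit_s3s2_config(text) or "ok")
```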
Feel free to create issues and work with us on GitHub: https://github.com/Jemurai/s3s2
You can find Jemurai folks to talk about S3S2 on Gitter: https://gitter.im/jemurai-oss/s3s2