From 80ce678e9578892544898315d34cd6a1de6c1145 Mon Sep 17 00:00:00 2001 From: Joey Hess Date: Fri, 5 Jun 2015 16:41:49 -0400 Subject: [PATCH] note about encryption=shared --- doc/devblog/day_291__public_S3.mdwn | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/doc/devblog/day_291__public_S3.mdwn b/doc/devblog/day_291__public_S3.mdwn index 7d00643a9c..35e1240428 100644 --- a/doc/devblog/day_291__public_S3.mdwn +++ b/doc/devblog/day_291__public_S3.mdwn @@ -4,8 +4,12 @@ without needing any S3 credentials. Read-only of course. This tip shows how to do it: [[tips/public_Amazon_S3_remote]] -That will work for at least AWS S3, and for the Internet Archive's S3. -It may work for other S3 services, that can be configured to publish +One rather neat way to use this is to configure the remote with +`encryption=shared`. Then, the files stored in S3 will be encrypted, and +anyone with access to the git repository can get and decrypt the files. + +This feature will work for at least AWS S3, and for the Internet Archive's +S3. It may work for other S3 services, that can be configured to publish their files over unauthenticated http. There's a `publicurl` configuration setting to allow specifying the url when using a service that git-annex doesn't know the url for.