Support S3 v4 signatures for buckets secured with KMS customer managed keys #3772

New Issue

Closed

opened 2026-02-05 07:24:46 +03:00 by OVERLORD · 3 comments

OVERLORD commented 2026-02-05 07:24:46 +03:00

Owner

Copy Link

Originally created by @zonywhoop on GitHub (Apr 30, 2023).

Describe the feature you'd like

When using a customer managed key for KMS encryption of an S3 bucket all GET and HEAD requests must be signed using an AWS v4 signature. Because Bookstack does not do this, even public files are not accessible. This feature is available in Laravel 9 already using the temporaryURL() method on the storage facade as noted here:
https://laravel.com/docs/10.x/filesystem#temporary-urls

Describe the benefits this would bring to existing BookStack users

Allowing this method of file access also allows for use of files stored in private buckets which is requirement for many companies that are seeking high end compliances such as SOC2, HIPAA, or PCI.

Can the goal of this request already be achieved via other means?

No

Have you searched for an existing open/closed issue?

• I have searched for existing issues and none cover my fundemental request

How long have you been using BookStack?

Over 5 years

Additional context

No response

Originally created by @zonywhoop on GitHub (Apr 30, 2023). ### Describe the feature you'd like When using a customer managed key for KMS encryption of an S3 bucket all GET and HEAD requests must be signed using an AWS v4 signature. Because Bookstack does not do this, even public files are not accessible. This feature is available in Laravel 9 already using the temporaryURL() method on the storage facade as noted here: https://laravel.com/docs/10.x/filesystem#temporary-urls ### Describe the benefits this would bring to existing BookStack users Allowing this method of file access also allows for use of files stored in private buckets which is requirement for many companies that are seeking high end compliances such as SOC2, HIPAA, or PCI. ### Can the goal of this request already be achieved via other means? No ### Have you searched for an existing open/closed issue? - [X] I have searched for existing issues and none cover my fundemental request ### How long have you been using BookStack? Over 5 years ### Additional context _No response_

OVERLORD added the 🔨 Feature Request:cat2:🐈 Possible duplicate labels 2026-02-05 07:24:46 +03:00

OVERLORD closed this issue 2026-02-05 07:24:49 +03:00

OVERLORD commented 2026-02-05 07:24:51 +03:00

Author

Owner

Copy Link

@ssddanbrown commented on GitHub (Apr 30, 2023):

Thanks for the request, I'm going to close this off though as a duplicate of #763 which is essentially already existing as an issue to support AWS signed URLs.

@ssddanbrown commented on GitHub (Apr 30, 2023): Thanks for the request, I'm going to close this off though as a duplicate of #763 which is essentially already existing as an issue to support AWS signed URLs.

OVERLORD commented 2026-02-05 07:24:54 +03:00

Author

Owner

Copy Link

@zonywhoop commented on GitHub (Apr 30, 2023):

@ssddanbrown, I saw #763, and while similar, this change would implement a smaller subset (download only) of the features required there. I also may be able to knock this out and provide a PR in the next week or two. Happy to work that against #763 as a partial implementation.

@zonywhoop commented on GitHub (Apr 30, 2023): @ssddanbrown, I saw #763, and while similar, this change would implement a smaller subset (download only) of the features required there. I also may be able to knock this out and provide a PR in the next week or two. Happy to work that against #763 as a partial implementation.

OVERLORD commented 2026-02-05 07:25:00 +03:00

Author

Owner

Copy Link

@ssddanbrown commented on GitHub (Apr 30, 2023):

@zonywhoop I'm fairly sure the mention of "Upload" in #763 is matter of translation, and would more accurately be referred to as "storage" in that context.

To be honest, I don't think I'd accept a PR for this right now since the demand is so minor to be worth expanding the scope of support here.

@ssddanbrown commented on GitHub (Apr 30, 2023): @zonywhoop I'm fairly sure the mention of "Upload" in #763 is matter of translation, and would more accurately be referred to as "storage" in that context. To be honest, I don't think I'd accept a PR for this right now since the demand is so minor to be worth expanding the scope of support here.

Sign in to join this conversation.

No Branch/Tag Specified

Branches Tags

development

l10n_development

release

llm_only

vectors

v25-11

docker_env

drawio_rendering

user_permissions

ldap_host_failover

svg_image

prosemirror

captcha_example

fix/video-export

v25.12.3

v25.12.2

v25.12.1

v25.12

v25.11.6

v25.11.5

v25.11.4

v24.11.4

v25.11.3

v25.11.2

v25.11.1

v25.11

v25.07.3

v25.07.2

v25.07.1

v25.07

v25.05.2

v25.05.1

v25.05

v25.02.5

v25.02.4

v25.02.3

v25.02.2

v25.02.1

v25.02

v24.12.1

v24.12

v24.10.3

v24.10.2

v24.10.1

v24.10

v24.05.4

v24.05.3

v24.05.2

v24.05.1

v24.05

v24.02.3

v24.02.2

v24.02.1

v24.02

v23.12.3

v23.12.2

v23.12.1

v23.12

v23.10.4

v23.10.3

v23.10.2

v23.10.1

v23.10

v23.08.3

v23.08.2

v23.08.1

v23.08

v23.06.2

v23.06.1

v23.06

v23.05.2

v23.05.1

v23.05

v23.02.3

v23.02.2

v23.02.1

v23.02

v23.01.1

v23.01

v22.11.1

v22.11

v22.10.2

v22.10.1

v22.10

v22.09.1

v22.09

v22.07.3

v22.07.2

v22.07.1

v22.07

v22.06.2

v22.06.1

v22.06

v22.04.2

v22.04.1

v22.04

v22.03.1

v22.03

v22.02.3

v22.02.2

v22.02.1

v22.02

v21.12.5

v21.12.4

v21.12.3

v21.12.2

v21.12.1

v21.12

v21.11.3

v21.11.2

v21.11.1

v21.11

v21.10.3

v21.10.2

v21.10.1

v21.10

v21.08.6

v21.08.5

v21.08.4

v21.08.3

v21.08.2

v21.08.1

v21.08

v21.05.4

v21.05.3

v21.05.2

v21.05.1

v21.05

v21.04.6

v21.04.5

v21.04.4

v21.04.3

v21.04.2

v21.04.1

v21.04

v0.31.8

v0.31.7

v0.31.6

v0.31.5

v0.31.4

v0.31.3

v0.31.2

v0.31.1

v0.31.0

v0.30.7

v0.30.6

v0.30.5

v0.30.4

v0.30.3

v0.30.2

v0.30.1

v0.30.0

v0.29.3

v0.29.2

v0.29.1

v0.29.0

v0.28.3

v0.28.2

v0.28.1

v0.28.0

v0.27.5

v0.27.4

v0.27.3

v0.27.2

v0.27.1

v0.27

v0.26.4

v0.26.3

v0.26.2

v0.26.1

v0.26.0

v0.25.5

v0.25.4

v0.25.3

v0.25.2

v0.25.1

v0.25.0

v0.24.3

v0.24.2

v0.24.1

v0.24.0

v0.23.2

v0.23.1

v0.23.0

v0.22.0

v0.21.0

v0.20.3

v0.20.2

v0.20.1

v0.20.0

v0.19.0

v0.18.5

v0.18.4

v0.18.3

v0.18.2

v0.18.1

v0.18.0

v0.17.4

v0.17.3

v0.17.2

v0.17.1

v0.17.0

v0.16.3

v0.16.2

v0.16.1

v0.16.0

v0.15.3

v0.15.2

v0.15.1

v0.15.0

v0.14.3

v0.14.2

v0.14.1

v0.14.0

v0.13.1

v0.13.0

v0.12.2

v0.12.1

v0.12.0

v0.11.2

v0.11.1

v0.11.0

v0.10.0

v0.9.3

v0.9.2

v0.9.1

v0.9.0

v0.8.2

v0.8.1

v0.8.0

v0.7.6

v0.7.5

v0.7.4

v0.7.3

0.7.2

v.0.7.1

v0.7.0

v0.6.3

v0.6.2

v0.6.1

v0.6.0

v0.5.0

Labels

Clear labels

🎨 Design

📖 Docs Update

🐛 Bug

🐛 Bug

:cat2:🐈 Possible duplicate

💿 Database

☕ Open to discussion

💻 Front-End

🐕 Support

🚪 Authentication

🌍 Translations

🔌 API Task

🏭 Back-End

⛲ Upstream

🔨 Feature Request

🛠️ Enhancement

🛠️ Enhancement

🛠️ Enhancement

❤️ Happy feedback

🔒 Security

🔍 Pending Validation

💆 UX

📝 WYSIWYG Editor

🌔 Out of scope

🔩 API Request

:octocat: Admin/Meta

🖌️ View Customization

❓ Question

🚀 Priority

🛡️ Blocked

🚚 Export System

♿ A11y

🔧 Maintenance

> Markdown Editor

pull-request

Mirrored from GitHub Pull Request

No Label :cat2:🐈 Possible duplicate 🔨 Feature Request

Milestone

No items

No Milestone

Projects

Clear projects

No project

Assignees

Clear assignees

OVERLORD

No Assignees

1 Participants

Notifications

Subscribe

Due Date

No due date set.

Dependencies

No dependencies set.

Reference: starred/BookStack#3772