pypi version GitHub Forks GitHub Open Issues Code Health travis-ci for master branch coverage report for master branch sphinx documentation for latest release Project Status: WIP – Initial development is in progress, but there has not yet been a stable, usable release suitable for the public.

s3sfe (S3 Sync Filelist Encrypted) Sync a list of files to S3, using server-side encryption with customer-provided keys.


This is a quick script I wrote for my own purposes. It’s not terribly well tested, and it serves a small niche use case. If you’re looking to securely sync your backups to S3 or another offsite storage, I’d highly encourage you to look into the other options.

My use case is relatively simple:

  • I want to sync just some files from my backups to S3; a specific whitelist of files and directories.
  • I don’t want to keep history, I just want the latest versions somewhere offsite.
  • I want to use S3 Server-Side Encryption with Customer-Provided Encryption Keys (SSE-C); I’m fine keeping the key on my computer, because if someone can get it, they can get the original files too. I’m not worried about Amazon snooping on my data. I’m not concerned with anyone being able to access the filenames or metadata. All I’m really concerned about is that if a malicious party gets access to my AWS account, they don’t also implicitly get the file contents.

This tool takes a list of files or directories on the local filesystem and syncs them to S3, using server-side encryption. It uses the files’ md5sums to only upload files that differ from what’s already in S3.


  • Python 2.7 or 3.3+ (currently tested with 2.7, 3.3+ and developed with 3.6)
  • Python VirtualEnv and pip (recommended installation method; your OS/distribution should have packages for these)


It’s recommended that you install into a virtual environment (virtualenv / venv). See the virtualenv usage documentation for information on how to create a venv.

pip install s3sfe


s3sfe takes all of its configuration via command-line options. It does, however, expect a few elements of configuration to be present on the system:


To backup: s3sfe --help

To restore: s3sfe-restore --help

Bugs and Feature Requests

Bug reports and feature requests are happily accepted via the GitHub Issue Tracker. Pull requests are welcome. Issues that don’t have an accompanying pull request will be worked on as my time and priority allows.


To install for development:

  1. Fork the s3sfe repository on GitHub
  2. Create a new branch off of master in your fork.
$ virtualenv s3sfe
$ cd s3sfe && source bin/activate
$ pip install -e git+git@github.com:YOURNAME/s3sfe.git@BRANCHNAME#egg=s3sfe
$ cd src/s3sfe

The git clone you’re now in will probably be checked out to a specific commit, so you may want to git checkout BRANCHNAME.


  • pep8 compliant with some exceptions (see pytest.ini)
  • 100% test coverage with pytest (with valid tests)


Testing is done via pytest, driven by tox.

  • testing is as simple as:
    • pip install tox
    • tox
  • If you want to pass additional arguments to pytest, add them to the tox command line after “–”. i.e., for verbose pytext output on py27 tests: tox -e py27 -- -v

Release Checklist

  1. Open an issue for the release; cut a branch off master for that issue.
  2. Confirm that there are CHANGES.rst entries for all major changes.
  3. Ensure that Travis tests passing in all environments.
  4. Ensure that test coverage is no less than the last release (ideally, 100%).
  5. Increment the version number in s3sfe/version.py and add version and release date to CHANGES.rst, then push to GitHub.
  6. Confirm that README.rst renders correctly on GitHub.
  7. Upload package to testpypi:
  8. Create a pull request for the release to be merged into master. Upon successful Travis build, merge it.
  9. Tag the release in Git, push tag to GitHub:
    • tag the release. for now the message is quite simple: git tag -s -a X.Y.Z -m 'X.Y.Z released YYYY-MM-DD'
    • push the tag to GitHub: git push origin X.Y.Z
  1. Upload package to live pypi:
    • twine upload dist/*
  1. make sure any GH issues fixed in the release were closed.

Indices and tables