From 7e5e1712f5e15f59d3598367f4128ed5d6135382 Mon Sep 17 00:00:00 2001
From: Cody Wyatt Neiman <neiman@cody.to>
Date: Tue, 3 Jan 2023 17:53:33 -0500
Subject: [PATCH] Encode s3 sse-c key for utf-8

---
 docs/configuring-playbook-synapse-s3-storage-provider.md        | 2 +-
 .../templates/synapse/ext/s3-storage-provider/env.j2            | 2 +-
 .../ext/s3-storage-provider/media_storage_provider.yaml.j2      | 2 +-
 3 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/docs/configuring-playbook-synapse-s3-storage-provider.md b/docs/configuring-playbook-synapse-s3-storage-provider.md
index a4ee7063..25d9a54a 100644
--- a/docs/configuring-playbook-synapse-s3-storage-provider.md
+++ b/docs/configuring-playbook-synapse-s3-storage-provider.md
@@ -43,7 +43,7 @@ matrix_synapse_ext_synapse_s3_storage_provider_config_storage_class: STANDARD #
 # This is not recommended unless you understand what you are doing, and may make restoring from backups additionally challenging
 # You can read more about SSE-C here: https://docs.aws.amazon.com/AmazonS3/latest/userguide/ServerSideEncryptionCustomerKeys.html
 matrix_synapse_ext_synapse_s3_storage_provider_config_sse_customer_enabled: true
-matrix_synapse_ext_synapse_s3_storage_provider_config_sse_customer_key: ssec-key-goes-here # Generate with: cat /dev/urandom | head -c 32 | base64 -
+matrix_synapse_ext_synapse_s3_storage_provider_config_sse_customer_key: ssec-key-goes-here # Generate with: cat /dev/urandom | base64 | head -c 32
 matrix_synapse_ext_synapse_s3_storage_provider_config_sse_customer_algo: AES256
 # Using the git version is also required until > v1.1.2 is released
 matrix_synapse_ext_synapse_s3_storage_provider_version: git
diff --git a/roles/custom/matrix-synapse/templates/synapse/ext/s3-storage-provider/env.j2 b/roles/custom/matrix-synapse/templates/synapse/ext/s3-storage-provider/env.j2
index 6cc7753f..58d26255 100644
--- a/roles/custom/matrix-synapse/templates/synapse/ext/s3-storage-provider/env.j2
+++ b/roles/custom/matrix-synapse/templates/synapse/ext/s3-storage-provider/env.j2
@@ -6,7 +6,7 @@ ENDPOINT={{ matrix_synapse_ext_synapse_s3_storage_provider_config_endpoint_url }
 BUCKET={{ matrix_synapse_ext_synapse_s3_storage_provider_config_bucket }}
 
 {% if matrix_synapse_ext_synapse_s3_storage_provider_config_sse_customer_enabled %}
-SSE_CUSTOMER_KEY={{ matrix_synapse_ext_synapse_s3_storage_provider_config_sse_customer_key | b64decode }}
+SSE_CUSTOMER_KEY={{ matrix_synapse_ext_synapse_s3_storage_provider_config_sse_customer_key }}
 SSE_CUSTOMER_ALGO={{ matrix_synapse_ext_synapse_s3_storage_provider_config_sse_customer_algo }}
 {% endif %}
 
diff --git a/roles/custom/matrix-synapse/templates/synapse/ext/s3-storage-provider/media_storage_provider.yaml.j2 b/roles/custom/matrix-synapse/templates/synapse/ext/s3-storage-provider/media_storage_provider.yaml.j2
index 988ad002..e888e3c5 100644
--- a/roles/custom/matrix-synapse/templates/synapse/ext/s3-storage-provider/media_storage_provider.yaml.j2
+++ b/roles/custom/matrix-synapse/templates/synapse/ext/s3-storage-provider/media_storage_provider.yaml.j2
@@ -10,7 +10,7 @@ config:
   secret_access_key: {{ matrix_synapse_ext_synapse_s3_storage_provider_config_secret_access_key | to_json }}
 
 {% if matrix_synapse_ext_synapse_s3_storage_provider_config_sse_customer_enabled %}
-  sse_customer_key: {{ matrix_synapse_ext_synapse_s3_storage_provider_config_sse_customer_key | b64decode | to_json }}
+  sse_customer_key: {{ matrix_synapse_ext_synapse_s3_storage_provider_config_sse_customer_key | to_json }}
   sse_customer_algo: {{ matrix_synapse_ext_synapse_s3_storage_provider_config_sse_customer_algo | to_json }}
 
 {% endif %}