ワンクリックでManusで任意のスキルを実行

$pwd:

aws-v4-signing-custom-headers-gcs

Name: Aws V4 Signing Custom Headers Gcs
Author: divinevideo

// Add custom metadata headers (x-amz-meta-*) to AWS v4 signed requests for GCS S3-compatible API. Use when: (1) Adding custom metadata to GCS uploads via S3 API, (2) Getting signature mismatch errors after adding new headers, (3) x-amz-meta-* headers being ignored or causing 403 errors. Custom headers MUST be included in canonical headers and signed headers list.

Manusで実行

$ git log --oneline --stat

stars:253

forks:50

updated:2026年5月5日 02:08

SKILL.md

readonly

name	aws-v4-signing-custom-headers-gcs
description	Add custom metadata headers (x-amz-meta-) to AWS v4 signed requests for GCS S3-compatible API. Use when: (1) Adding custom metadata to GCS uploads via S3 API, (2) Getting signature mismatch errors after adding new headers, (3) x-amz-meta- headers being ignored or causing 403 errors. Custom headers MUST be included in canonical headers and signed headers list.
author	Claude Code
version	1.0.0
date	"2026-01-20T00:00:00.000Z"

AWS v4 Signing with Custom Metadata Headers for GCS

Problem

When adding custom metadata headers (x-amz-meta-*) to GCS S3-compatible API requests, the requests fail with signature mismatch errors. The headers must be properly included in the AWS v4 signature calculation.

Context / Trigger Conditions

Using GCS S3-compatible XML API (not the native JSON API)
Adding x-amz-meta-* headers for object metadata
Error: "SignatureDoesNotMatch" or 403 Forbidden after adding headers
Headers work with unsigned requests but fail with AWS v4 signing
HMAC credentials configured for GCS interoperability

Solution

Custom headers must be included in both the canonical headers and the signed headers list, sorted alphabetically:

1. Canonical Headers (alphabetically sorted)

let canonical_headers = format!(
    "host:{}\nx-amz-content-sha256:{}\nx-amz-date:{}\nx-amz-meta-owner:{}\n",
    host, payload_hash, amz_date, owner  // Note: alphabetical order!
);

2. Signed Headers List

let signed_headers = "host;x-amz-content-sha256;x-amz-date;x-amz-meta-owner";

3. Complete Example (Rust)

fn sign_request_with_owner(
    req: &mut Request,
    config: &GCSConfig,
    payload_hash: Option<String>,
    owner: &str
) -> Result<()> {
    // Set headers first
    req.set_header("x-amz-date", &amz_date);
    req.set_header("x-amz-content-sha256", &payload_hash);
    req.set_header("x-amz-meta-owner", owner);  // Custom metadata

    // Canonical headers - MUST be alphabetically sorted
    let signed_headers = "host;x-amz-content-sha256;x-amz-date;x-amz-meta-owner";
    let canonical_headers = format!(
        "host:{}\nx-amz-content-sha256:{}\nx-amz-date:{}\nx-amz-meta-owner:{}\n",
        host, payload_hash, amz_date, owner
    );

    // Rest of AWS v4 signing...
    let canonical_request = format!(
        "{}\n{}\n{}\n{}\n{}\n{}",
        method, uri, query, canonical_headers, signed_headers, payload_hash
    );

    // Sign and add Authorization header...
}

Verification

After uploading, verify metadata is present:

gsutil stat gs://bucket/object-name
# Should show:
#     Metadata:
#         owner: <value>

Or via S3 API:

aws s3api head-object --bucket bucket --key object-name --endpoint-url https://storage.googleapis.com

Example

Before (broken) - header not in signature:

let signed_headers = "host;x-amz-content-sha256;x-amz-date";  // Missing x-amz-meta-owner
req.set_header("x-amz-meta-owner", owner);  // Header added but not signed
// Result: 403 SignatureDoesNotMatch

After (working) - header properly signed:

let signed_headers = "host;x-amz-content-sha256;x-amz-date;x-amz-meta-owner";  // Included!
req.set_header("x-amz-meta-owner", owner);
// Include in canonical_headers too
// Result: 200 OK, metadata visible in GCS

Notes

Header names are case-insensitive but conventionally lowercase in canonical form
The semicolon-separated signed headers list must match the newline-separated canonical headers
For GCS, the metadata appears as Metadata: key: value in gsutil stat output
When using the native GCS JSON API, use the metadata object field instead
Multiple custom headers can be added - just ensure all are in canonical/signed lists

References

AWS Signature Version 4: https://docs.aws.amazon.com/AmazonS3/latest/API/sig-v4-header-based-auth.html
GCS S3 Interoperability: https://cloud.google.com/storage/docs/interoperability
GCS Object Metadata: https://cloud.google.com/storage/docs/metadata

related-skills.json

同じリポジトリ

e2e-test.md

from "divinevideo/divine-mobile"

Run and debug Flutter E2E integration tests that exercise the real app against a local Docker backend (no mocks). Use when running E2E tests, debugging failures, or working on the local harness.

2026-05-27253

review-before-commit.md

from "divinevideo/divine-mobile"

Review all uncommitted changes before pushing. Checks for dead code, stale comments, CLAUDE.md rule violations, unused imports, and inconsistencies introduced during the current session. Invoke with /review-before-commit.

2026-05-11253

argocd-externalsecret-namespace-permission.md

from "divinevideo/divine-mobile"

Fix ArgoCD ExternalSecret deployment failing with "namespace X is not permitted in project Y". Use when: (1) ExternalSecret shows OutOfSync in ArgoCD but won't sync, (2) ArgoCD application status shows "namespace X is not permitted in project 'infrastructure'", (3) ExternalSecret targets a namespace managed by a different ArgoCD project, (4) Using apps-of-apps pattern with separate infrastructure and application projects.

2026-05-05253

art-direct.md

from "divinevideo/divine-mobile"

Art direction for any content — reads text, PDF, Word, HTML, PPT, then proposes 2-3 creative directions with photography style, mood, and visual language. After selection, generates AI image prompts and visual briefs section-by-section. Use when the user shares content and needs visual direction, image sourcing, or creative direction for any material.

2026-05-05253

async-await-null-race-condition.md

from "divinevideo/divine-mobile"

Fix "Null check operator used on a null value" errors when an object is set to null during an async await. Use when: (1) Object reference is nullified while awaiting, (2) Code accesses object with ! after await returns, (3) Cancel/dispose operations run concurrently with async operations on same object. Solution: capture local reference before await.

2026-05-05253

bash-herestring-newline-secrets.md

from "divinevideo/divine-mobile"

Fix password/secret authentication failures caused by trailing newlines when creating Google Cloud secrets (or similar) with bash here-strings. Use when: (1) Password authentication fails with correct password, (2) Secret created with `<<< "value"` syntax, (3) Error like "password authentication failed" or "invalid token" despite correct value. Bash here-strings (`<<<`) add a trailing newline that corrupts secrets.

2026-05-05253

package.json

"author": "divinevideo"

"repository": "divinevideo/divine-mobile"

GitHub リポジトリを開く Creator のリポジトリを見る

$ install --global

$ download --local

Manusで実行

$ useful --forSOC

ソフトウェア開発者コンピュータ・数学職15-1252L4

name	aws-v4-signing-custom-headers-gcs
description	Add custom metadata headers (x-amz-meta-) to AWS v4 signed requests for GCS S3-compatible API. Use when: (1) Adding custom metadata to GCS uploads via S3 API, (2) Getting signature mismatch errors after adding new headers, (3) x-amz-meta- headers being ignored or causing 403 errors. Custom headers MUST be included in canonical headers and signed headers list.
author	Claude Code
version	1.0.0
date	"2026-01-20T00:00:00.000Z"

AWS v4 Signing with Custom Metadata Headers for GCS

Problem

Context / Trigger Conditions

Using GCS S3-compatible XML API (not the native JSON API)
Adding x-amz-meta-* headers for object metadata
Error: "SignatureDoesNotMatch" or 403 Forbidden after adding headers
Headers work with unsigned requests but fail with AWS v4 signing
HMAC credentials configured for GCS interoperability

Solution

Custom headers must be included in both the canonical headers and the signed headers list, sorted alphabetically:

1. Canonical Headers (alphabetically sorted)

let canonical_headers = format!(
    "host:{}\nx-amz-content-sha256:{}\nx-amz-date:{}\nx-amz-meta-owner:{}\n",
    host, payload_hash, amz_date, owner  // Note: alphabetical order!
);

2. Signed Headers List

let signed_headers = "host;x-amz-content-sha256;x-amz-date;x-amz-meta-owner";

3. Complete Example (Rust)

fn sign_request_with_owner(
    req: &mut Request,
    config: &GCSConfig,
    payload_hash: Option<String>,
    owner: &str
) -> Result<()> {
    // Set headers first
    req.set_header("x-amz-date", &amz_date);
    req.set_header("x-amz-content-sha256", &payload_hash);
    req.set_header("x-amz-meta-owner", owner);  // Custom metadata

    // Canonical headers - MUST be alphabetically sorted
    let signed_headers = "host;x-amz-content-sha256;x-amz-date;x-amz-meta-owner";
    let canonical_headers = format!(
        "host:{}\nx-amz-content-sha256:{}\nx-amz-date:{}\nx-amz-meta-owner:{}\n",
        host, payload_hash, amz_date, owner
    );

    // Rest of AWS v4 signing...
    let canonical_request = format!(
        "{}\n{}\n{}\n{}\n{}\n{}",
        method, uri, query, canonical_headers, signed_headers, payload_hash
    );

    // Sign and add Authorization header...
}

Verification

After uploading, verify metadata is present:

gsutil stat gs://bucket/object-name
# Should show:
#     Metadata:
#         owner: <value>

Or via S3 API:

aws s3api head-object --bucket bucket --key object-name --endpoint-url https://storage.googleapis.com

Example

Before (broken) - header not in signature:

let signed_headers = "host;x-amz-content-sha256;x-amz-date";  // Missing x-amz-meta-owner
req.set_header("x-amz-meta-owner", owner);  // Header added but not signed
// Result: 403 SignatureDoesNotMatch

After (working) - header properly signed:

let signed_headers = "host;x-amz-content-sha256;x-amz-date;x-amz-meta-owner";  // Included!
req.set_header("x-amz-meta-owner", owner);
// Include in canonical_headers too
// Result: 200 OK, metadata visible in GCS

Notes

Header names are case-insensitive but conventionally lowercase in canonical form
The semicolon-separated signed headers list must match the newline-separated canonical headers
For GCS, the metadata appears as Metadata: key: value in gsutil stat output
When using the native GCS JSON API, use the metadata object field instead
Multiple custom headers can be added - just ensure all are in canonical/signed lists

References

AWS Signature Version 4: https://docs.aws.amazon.com/AmazonS3/latest/API/sig-v4-header-based-auth.html
GCS S3 Interoperability: https://cloud.google.com/storage/docs/interoperability
GCS Object Metadata: https://cloud.google.com/storage/docs/metadata

aws-v4-signing-custom-headers-gcs

AWS v4 Signing with Custom Metadata Headers for GCS

Problem

Context / Trigger Conditions

Solution

1. Canonical Headers (alphabetically sorted)

2. Signed Headers List

3. Complete Example (Rust)

Verification

Example

Notes

References

このリポジトリの他の Skills

このリポジトリの他の Skills

AWS v4 Signing with Custom Metadata Headers for GCS

Problem

Context / Trigger Conditions

Solution

1. Canonical Headers (alphabetically sorted)

2. Signed Headers List

3. Complete Example (Rust)

Verification

Example

Notes

References