Bucket Encryption Configuration Reference

A bucket encryption configuration is a JSON file in which you define the encryption rules you want to apply to a bucket when enabling encryption. With an encryption configuration, you can specify the default encryption method for new objects, ensuring that all data stored in the bucket meets your security and compliance requirements.

This page describes the elements you can specify in an encryption configuration file. Once you have written the file, you need to apply it to your bucket. For more information, see Enabling or Disabling Bucket Encryption.

You can also specify these elements as an inline JSON string.

To create an encryption configuration, you need to create a JSON file following this structure:

Configuration structure
{
  "Rules":
  [
    {
      "ApplyServerSideEncryptionByDefault":
      {
        "SSEAlgorithm": "AES256"
      }
    }
  ]
}

This file contains the following attributes:

| Attribute | Required | Description |
| --- | --- | --- |
| Rules | Yes | The specific encryption rules applied as default for objects placed in the buckets. |
| ApplyServerSideEncryptionByDefault | Yes | Specifies the default encryption settings applied to new objects stored in the bucket. |
| SSEAlgorithm | Yes | The server-side encryption algorithm to use, always AES256. |

  • AES256: The default encryption algorithm. This encryption algorithm uses symmetric encryption and a 256-bit key. It is currently fully supported and recommended for use.

  • aws:kms: Currently corresponds to AES256 and is used only if a custom cryptographic key is used. Since the cryptographic key for your account is provided and managed by 3DS OUTSCALE, we recommend using AES256 for the time being.
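The following Python check is an added example, not part of the OUTSCALE documentation or tooling. It validates an encryption configuration (file contents or inline JSON string) against the attributes described above before you apply it to a bucket. The function name validate_encryption_config, the exact-match comparison of values, and the non-empty Rules requirement are assumptions made for illustration.

```python
import json

# Values of SSEAlgorithm described on this page.
ALLOWED_ALGORITHMS = {"AES256", "aws:kms"}


def validate_encryption_config(text):
    """Return (errors, warnings) for an encryption configuration given as JSON text.

    Hypothetical helper for illustration; it checks only the attributes
    documented on this page.
    """
    errors, warnings = [], []
    try:
        config = json.loads(text)
    except json.JSONDecodeError as exc:
        return [f"not valid JSON: {exc.msg} (line {exc.lineno})"], warnings
    if not isinstance(config, dict):
        return ["top level must be a JSON object"], warnings
    rules = config.get("Rules")
    # Assumption: an empty Rules array defines no default and is rejected.
    if not isinstance(rules, list) or not rules:
        return ["'Rules' is required and must be a non-empty array"], warnings
    for i, rule in enumerate(rules):
        where = f"Rules[{i}]"
        default = rule.get("ApplyServerSideEncryptionByDefault") if isinstance(rule, dict) else None
        if not isinstance(default, dict):
            errors.append(f"{where}: 'ApplyServerSideEncryptionByDefault' is required")
            continue
        algo = default.get("SSEAlgorithm")
        if algo is None:
            errors.append(f"{where}: 'SSEAlgorithm' is required")
        elif not isinstance(algo, str) or algo not in ALLOWED_ALGORITHMS:
            # Assumption: values must match exactly as written on this page,
            # so "aes256" is reported rather than silently accepted.
            errors.append(f"{where}: unsupported SSEAlgorithm {algo!r}")
        elif algo == "aws:kms":
            warnings.append(f"{where}: 'aws:kms' currently corresponds to AES256; AES256 is recommended")
    return errors, warnings


if __name__ == "__main__":
    # Constructed sample: the structure shown on this page, as an inline JSON string.
    sample = '{"Rules": [{"ApplyServerSideEncryptionByDefault": {"SSEAlgorithm": "AES256"}}]}'
    print(validate_encryption_config(sample))
```

An empty errors list means the file matches the documented structure; warnings flag settings the page advises against.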
