GetBucketEncryption
Returns the default encryption configuration for a bucket.
Description
The GetBucketEncryption operation returns the default encryption configuration for a bucket. By default, all buckets have encryption enabled with QStorage-managed keys.
note
- To use this operation, you must have permission to perform the
s3:GetEncryptionConfigurationaction. - You must be the bucket owner to use this operation.
- If the bucket does not have a default encryption configuration, QStorage returns a
ServerSideEncryptionConfigurationNotFoundErrorerror.
Request Syntax
GET /?encryption HTTP/1.1
Host: BucketName.qstorage.quilibrium.com
x-amz-expected-bucket-owner: OwnerAccountId
Values in italics indicate user input and should be replaced with actual values.
This operation does not have a request body.
Request Parameters
Headers
| Name | Description | Required | Type |
|---|---|---|---|
| x-amz-expected-bucket-owner | The account ID of the expected bucket owner | No | text |
Examples
Example 1: Get default encryption configuration from a bucket
GET /?encryption HTTP/1.1
Host: my-bucket.qstorage.quilibrium.com
Values in italics indicate user input and should be replaced with actual values.
HTTP/1.1 200 OK
x-amz-id-2: Example7qoYGN7uMuFuYS6m7a4l
x-amz-request-id: TX234S0F24A06C7
Date: Wed, 01 Mar 2024 12:00:00 GMT
<?xml version="1.0" encoding="UTF-8"?>
<ServerSideEncryptionConfiguration xmlns="http://s3.amazonaws.com/doc/2006-03-01/">
<Rule>
<ApplyServerSideEncryptionByDefault>
<SSEAlgorithm>AES256</SSEAlgorithm>
</ApplyServerSideEncryptionByDefault>
</Rule>
</ServerSideEncryptionConfiguration>
Values in italics indicate variable response values.
Response Syntax
HTTP/1.1 200 OK
x-amz-id-2: RequestId
x-amz-request-id: AmazonRequestId
Date: ISO8601Date
<?xml version="1.0" encoding="UTF-8"?>
<ServerSideEncryptionConfiguration xmlns="http://s3.amazonaws.com/doc/2006-03-01/">
<Rule>
<ApplyServerSideEncryptionByDefault>
<SSEAlgorithm>Algorithm</SSEAlgorithm>
<KMSMasterKeyID>KeyId</KMSMasterKeyID>
</ApplyServerSideEncryptionByDefault>
<BucketKeyEnabled>BooleanValue</BucketKeyEnabled>
</Rule>
</ServerSideEncryptionConfiguration>
Values in italics indicate variable response values.
Response Elements
Response Headers
| Name | Description | Required | Type |
|---|---|---|---|
| x-amz-id-2 | An identifier for the request | No | String |
| x-amz-request-id | A unique identifier for the request | No | String |
| Date | The date and time at which the response was sent | No | String |
Response Body Elements
| Name | Description | Required | Type |
|---|---|---|---|
| ServerSideEncryptionConfiguration | Container for server-side encryption configuration rules | Yes | Container |
| Rule | Container for a server-side encryption rule. The bucket encryption configuration can include only one rule. | Yes | ServerSideEncryptionRule |
Special Errors
| Error Code | Description |
|---|---|
| NoSuchBucket | The specified bucket does not exist |
| ServerSideEncryptionConfigurationNotFoundError | The server-side encryption configuration was not found |
| 403 | Forbidden. Authentication failed or you do not have permission to get the encryption configuration |
Permissions
You must have the s3:GetEncryptionConfiguration permission.
Try It Out
Test GetBucketEncryption
Get the default encryption configuration of a bucket.
Coming Soon
This feature is currently under development and will be available soon.