PutBucketEncryption
Sets the default encryption configuration for a bucket.
Description
The PutBucketEncryption operation sets the default server-side encryption configuration for a bucket. By default, all buckets have encryption enabled with QStorage-managed keys.
important
When using QKMS (SSE-KMS or DSSE-KMS), QStorage will still encrypt the data an additional time with the network's default encryption before it hits the network, regardless of the encryption configuration specified.
note
- To use this operation, you must have permission to perform the
s3:PutEncryptionConfigurationaction. - You must be the bucket owner to use this operation.
- The encryption configuration specified replaces any existing configuration.
Request Syntax
PUT /?encryption HTTP/1.1
Host: BucketName.qstorage.quilibrium.com
Content-MD5: Base64EncodedMD5
x-amz-expected-bucket-owner: OwnerAccountId
<?xml version="1.0" encoding="UTF-8"?>
<ServerSideEncryptionConfiguration xmlns="http://s3.amazonaws.com/doc/2006-03-01/">
<Rule>
<ApplyServerSideEncryptionByDefault>
<SSEAlgorithm>verenc</SSEAlgorithm>
<KMSMasterKeyID>qkms:key-id</KMSMasterKeyID>
</ApplyServerSideEncryptionByDefault>
<BucketKeyEnabled>true</BucketKeyEnabled>
</Rule>
</ServerSideEncryptionConfiguration>
Values in italics indicate user input and should be replaced with actual values.
Request Parameters
Headers
| Name | Description | Required | Type |
|---|---|---|---|
| Content-MD5 | The base64-encoded 128-bit MD5 digest of the request body | Yes | text |
| x-amz-expected-bucket-owner | The account ID of the expected bucket owner | No | text |
Request Body Elements
| Name | Type | Description | Required |
|---|---|---|---|
| ServerSideEncryptionConfiguration | Container | Container for server-side encryption configuration rules | Yes |
| Rule | ServerSideEncryptionRule | Container for a server-side encryption rule. The bucket encryption configuration can include only one rule. | Yes |
Examples
Example 1: Set default encryption using QStorage-managed keys (SSE-S3)
PUT /?encryption HTTP/1.1
Host: my-bucket.qstorage.quilibrium.com
Content-MD5: DqB+2AhQpgX6OJAYrGA8Vw==
<?xml version="1.0" encoding="UTF-8"?>
<ServerSideEncryptionConfiguration>
<Rule>
<ApplyServerSideEncryptionByDefault>
<SSEAlgorithm>AES256</SSEAlgorithm>
</ApplyServerSideEncryptionByDefault>
</Rule>
</ServerSideEncryptionConfiguration>
Values in italics indicate user input and should be replaced with actual values.
HTTP/1.1 200 OK
x-amz-id-2: Example7qoYGN7uMuFuYS6m7a4l
x-amz-request-id: TX234S0F24A06C7
Date: Wed, 01 Mar 2024 12:00:00 GMT
Values in italics indicate variable response values.
Example 2: Set default encryption using QKMS (SSE-KMS)
PUT /?encryption HTTP/1.1
Host: my-bucket.qstorage.quilibrium.com
Content-MD5: DqB+2AhQpgX6OJAYrGA8Vw==
<?xml version="1.0" encoding="UTF-8"?>
<ServerSideEncryptionConfiguration>
<Rule>
<ApplyServerSideEncryptionByDefault>
<SSEAlgorithm>verenc</SSEAlgorithm>
<KMSMasterKeyID>qkms:1234abcd-12ab-34cd-56ef-1234567890ab</KMSMasterKeyID>
</ApplyServerSideEncryptionByDefault>
<BucketKeyEnabled>true</BucketKeyEnabled>
</Rule>
</ServerSideEncryptionConfiguration>
Values in italics indicate user input and should be replaced with actual values.
HTTP/1.1 200 OK
x-amz-id-2: Example7qoYGN7uMuFuYS6m7a4l
x-amz-request-id: TX234S0F24A06C7
Date: Wed, 01 Mar 2024 12:00:00 GMT
Values in italics indicate variable response values.
Response Syntax
HTTP/1.1 200 OK
x-amz-id-2: RequestId
x-amz-request-id: AmazonRequestId
Date: ISO8601Date
Values in italics indicate variable response values.
Response Elements
Response Headers
| Name | Description | Required | Type |
|---|---|---|---|
| x-amz-id-2 | An identifier for the request | No | String |
| x-amz-request-id | A unique identifier for the request | No | String |
| Date | The date and time at which the response was sent | No | String |
This operation does not return a response body.
Special Errors
| Error Code | Description |
|---|---|
| NoSuchBucket | The specified bucket does not exist |
| InvalidArgument | The encryption configuration is not valid |
| 403 | Forbidden. Authentication failed or you do not have permission to set the encryption configuration |
Permissions
You must have the s3:PutEncryptionConfiguration permission.
Try It Out
Test PutBucketEncryption
Set the default encryption configuration of a bucket.
Coming Soon
This feature is currently under development and will be available soon.