ServerSideEncryptionRule
The ServerSideEncryptionRule data type specifies the default server-side encryption configuration for a bucket.
Syntax
<Rule>
  <ApplyServerSideEncryptionByDefault>
    <SSEAlgorithm>string</SSEAlgorithm>
    <KMSMasterKeyID>string</KMSMasterKeyID>
  </ApplyServerSideEncryptionByDefault>
  <BucketKeyEnabled>boolean</BucketKeyEnabled>
</Rule>
Properties
Name | Description | Required | Type |
---|---|---|---|
ApplyServerSideEncryptionByDefault | Container for server-side encryption by default configuration | Yes | Container |
ApplyServerSideEncryptionByDefault.SSEAlgorithm | Server-side encryption algorithm to use. Valid values: `AES256`, `verenc` | Yes | String |
ApplyServerSideEncryptionByDefault.KMSMasterKeyID | QKMS key ID to use. Only required when SSEAlgorithm is `verenc`. Must be prefixed with `qkms:` | No | String |
BucketKeyEnabled | Specifies whether QStorage should use a QStorage Bucket Key with SSE-KMS. Bucket keys can reduce your QKMS costs. | No | Boolean |
important
When using QKMS (SSE-KMS), QStorage will still encrypt the data an additional time with the network's default encryption before it hits the network, regardless of the encryption configuration specified.
Examples
Example 1: SSE-S3 Configuration
<Rule>
  <ApplyServerSideEncryptionByDefault>
    <SSEAlgorithm>AES256</SSEAlgorithm>
  </ApplyServerSideEncryptionByDefault>
</Rule>
Example 2: SSE-KMS Configuration with Bucket Key
<Rule>
  <ApplyServerSideEncryptionByDefault>
    <SSEAlgorithm>verenc</SSEAlgorithm>
    <KMSMasterKeyID>qkms:1234abcd-12ab-34cd-56ef-1234567890ab</KMSMasterKeyID>
  </ApplyServerSideEncryptionByDefault>
  <BucketKeyEnabled>true</BucketKeyEnabled>
</Rule>
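A lint for the constraints listed in the Properties table, run before a rule is submitted. This is an added example, not part of the QStorage documentation or tooling; it assumes the rule carries no XML namespace (as in the examples above) and that booleans are spelled `true`/`false`, and `lint_sse_rule` and `SAMPLE` are names chosen here.

```python
import xml.etree.ElementTree as ET

VALID_ALGORITHMS = ("AES256", "verenc")  # valid values from the Properties table


def lint_sse_rule(xml_text):
    """Return findings for one <Rule> document; an empty list means it conforms."""
    try:
        rule = ET.fromstring(xml_text)
    except ET.ParseError as exc:
        return [f"not well-formed XML: {exc}"]
    if rule.tag != "Rule":
        return [f"root element is <{rule.tag}>, expected <Rule>"]
    default = rule.find("ApplyServerSideEncryptionByDefault")
    if default is None:
        return ["ApplyServerSideEncryptionByDefault is required"]
    findings = []
    algorithm = (default.findtext("SSEAlgorithm") or "").strip()
    key_id = default.findtext("KMSMasterKeyID")  # None when the element is absent
    if not algorithm:
        findings.append("SSEAlgorithm is required")
    elif algorithm not in VALID_ALGORITHMS:
        findings.append(f"SSEAlgorithm {algorithm!r} is not AES256 or verenc")
    elif algorithm == "verenc":
        if key_id is None or not key_id.strip():
            findings.append("KMSMasterKeyID is required when SSEAlgorithm is verenc")
        elif not key_id.strip().startswith("qkms:"):
            findings.append("KMSMasterKeyID must be prefixed with qkms:")
    elif key_id is not None:
        findings.append("KMSMasterKeyID is only used when SSEAlgorithm is verenc")

    # Assumption: booleans are spelled exactly "true" or "false", as in Example 2.
    bucket_key = rule.findtext("BucketKeyEnabled")
    if bucket_key is not None and bucket_key.strip() not in ("true", "false"):
        findings.append(f"BucketKeyEnabled {bucket_key.strip()!r} is not a boolean")
    return findings


# Constructed sample: verenc with a key ID that lacks the qkms: prefix.
SAMPLE = """<Rule>
  <ApplyServerSideEncryptionByDefault>
    <SSEAlgorithm>verenc</SSEAlgorithm>
    <KMSMasterKeyID>1234abcd-12ab-34cd-56ef-1234567890ab</KMSMasterKeyID>
  </ApplyServerSideEncryptionByDefault>
  <BucketKeyEnabled>yes</BucketKeyEnabled>
</Rule>"""
if __name__ == "__main__":
    for finding in lint_sse_rule(SAMPLE):
        print("FINDING:", finding)
```

Both examples on this page produce no findings; the constructed sample produces two.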
Description
The ServerSideEncryptionRule type defines how QStorage should encrypt objects in a bucket. You can specify the default encryption method and whether to use bucket keys for SSE-KMS encryption.
Related Types
Server Side Encryption By Default
Name | Description | Required | Type |
---|---|---|---|
SSEAlgorithm | Server-side encryption algorithm to use. Valid values: `AES256`, `verenc` | Yes | String |
KMSMasterKeyID | KMS key ID to use for object encryption. Only used when SSEAlgorithm is `verenc` | No | String |
Usage
The ServerSideEncryptionRule type is used in operations that manage default encryption for buckets, such as:
note
By default, all buckets have encryption enabled with QStorage-managed keys (SSE-S3).