putBucketEncryption method
Written by
Updated at September 30, 2024
Adds encryption to the bucket. By default, objects added to the bucket are encrypted with the specified KMS key. For more information about bucket encryption, see Encryption in Object Storage.
For more information on getting started with the API and the general request format, see How to use the S3 API.
Request
PUT /{bucket}?encryption HTTP/2
Path parameters
| Parameter | Description |
|---|---|
bucket |
Bucket name. |
Headers
Use only common request headers in your requests.
Response
Headers
Responses can only contain common response headers.
Response codes
For a list of possible responses, see Responses.
A successful response contains additional data in XML format with the schema described below.
Data schema
<ServerSideEncryptionConfiguration>
<Rule>
<ApplyServerSideEncryptionByDefault>
<KMSMasterKeyID>string</KMSMasterKeyID>
<SSEAlgorithm>string</SSEAlgorithm>
</ApplyServerSideEncryptionByDefault>
</Rule>
...
</ServerSideEncryptionConfiguration>
| Element | Description |
|---|---|
ApplyServerSideEncryptionByDefault |
Sets default encryption for the object, if other encryption parameters are not specified in the request. Path: ServerSideEncryptionConfiguration\Rule\ApplyServerSideEncryptionByDefault. |
KMSMasterKeyID |
KMS key ID. Path: ServerSideEncryptionConfiguration\Rule\ApplyServerSideEncryptionByDefault\KMSMasterKeyID. |
Rule |
Encryption policy on the server side. The encryption is defined with KMSMasterKeyID and SSEAlgorithm.Path: ServerSideEncryptionConfiguration\Rule. |
ServerSideEncryptionConfiguration |
Encryption configuration used for new objects in the bucket by default. Path: ServerSideEncryptionConfiguration. |
SSEAlgorithm |
Encryption algorithm. The only possible value is aws:kms.Path: ServerSideEncryptionConfiguration\Rule\ApplyServerSideEncryptionByDefault\SSEAlgorithm. |