Contact UsGet started
© 2025 Direct Cursus Technology L.L.C.

getBucketEncryption method

Written by
Updated at September 2, 2025

Returns information about bucket encryption. For more information about bucket encryption, see Encryption in Object Storage.

For more information on getting started with the API and the general request format, see How to use the S3 API.

Request

GET /{bucket}?encryption HTTP/2

Path parameters

Parameter Description
bucket Bucket name.

Headers

Use only common headers in your requests.

Response

Headers

Responses can only contain common headers.

Response codes

For a list of possible responses, see Responses.

A successful response contains additional data in XML format with the schema described below.

Data schema

<ListBucketResult
          xmlns="http://s3.amazonaws.com/doc/2006-03-01/">
          <KeyCount>1</KeyCount>
          <Name>my-sample-bucket</Name>
          <Prefix></Prefix>
          <MaxKeys>1000</MaxKeys>
          <IsTruncated>false</IsTruncated>
          <Contents>
              <Key>text.txt</Key>
              <LastModified>2025-05-15T07:23:08.030Z</LastModified>
              <Owner>
                  <ID>ajegtlf2q28a********</ID>
                  <DisplayName>ajegtlf2q28a********</DisplayName>
              </Owner>
              <ETag>&#34;f75a361db63aa4722fb8e083********&#34;</ETag>
              <Size>103</Size>
              <StorageClass>STANDARD</StorageClass>
              <TagSet></TagSet>
          </Contents>
      </ListBucketResult>
Element Description
ApplyServerSideEncryptionByDefault Sets default encryption for the object, if other encryption parameters are not specified in the request.

Path: ServerSideEncryptionConfiguration\Rule\ApplyServerSideEncryptionByDefault.
KMSMasterKeyID KMS key ID.

Path: ServerSideEncryptionConfiguration\Rule\ApplyServerSideEncryptionByDefault\KMSMasterKeyID.
Rule Server-side encryption policy.

The encryption is defined by KMSMasterKeyID and SSEAlgorithm.

Path: ServerSideEncryptionConfiguration\Rule.
ServerSideEncryptionConfiguration Default encryption configuration for new objects in the bucket.

Path: ServerSideEncryptionConfiguration.
SSEAlgorithm Encryption algorithm that takes the aws:kms value.

Path: ServerSideEncryptionConfiguration\Rule\ApplyServerSideEncryptionByDefault\SSEAlgorithm.

See also

Previous
create
Next
getMeta